Security Automation Engineer

About Vercel:

Vercel’s Frontend Cloud provides the developer experience and infrastructure to build, scale, and secure a faster, more personalized web. Customers like Under Armour, eBay, The Washington Post, Johnson & Johnson, and Zapier use Vercel to build dynamic user experiences on the web.

At Vercel, our mission is to enable the world to ship the best products and that goes hand in hand with creating an environment where you can do the best work of your life.

About the Role:

We are looking for an Automation Engineer to join our Security team. This role will focus on building internal security tools, automating secure design reviews, and integrating security guidance directly into pull requests. Your work will empower both the security and development teams by reducing friction in the security review process and ensuring best practices are embedded seamlessly into the Software Development Lifecycle (SDLC).

This is a hybrid role based at our San Francisco office with two days in the office per week.

What You Will Do:

• Develop and maintain security automation tooling to enhance visibility, enforce security best practices, and streamline processes.
• Automate secure design reviews and integrate security checks into pull request workflows and CI/CD pipelines.
• Build and manage security operations automation, including data pipelines, SOAR workflows, and log aggregation for improved threat detection.
• Collaborate with development and security teams to ensure seamless adoption of security automation.
• Continuously refine automation strategies to optimize security effectiveness and reduce manual overhead.
• Support on-going vulnerability management efforts to ensure proper attack surface management.

About You:

• Experience building automation tooling for security or developer efficiency.
• Proficiency in at least one scripting language (Python, JavaScript, or Bash) and familiarity with a compiled language (Go, Rust, or Java).
• Experience with GitHub automation and API integrations.
• Strong understanding of CI/CD pipelines and how to integrate security into development workflows.
• Knowledge of infrastructure-as-code security best practices and automation techniques.
• Ability to collaborate effectively across security and engineering teams.

Bonus If You:

• Have experience with security policy-as-code frameworks.
• Have worked on integrating security controls into developer workflows at scale.
• Have experience with modern cloud-native security tooling and practices.

Benefits:

• Competitive compensation package, including equity.
• Inclusive Healthcare Package.
• Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
• Flexible Time Off.
• We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

The San Francisco, CA base pay range for this role is $196,000-$294,000. This salary range is an estimate. Actual salary will be based on job-related skills, experience, and location. The total compensation package also includes benefits and equity-based compensation. Your recruiter can share more about the specific pay range for your location during the hiring process.

Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.

#LI-LC1