NuHarbor Security

Cybersecurity services you want from a team of experts you can trust.

Senior Security Engineer

Security Engineer | Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

Location

United States

Posted

1 day ago

Salary

$130K - $175K / year

Seniority

Senior

Job Description

Role Description

The Senior Security Engineer is the senior technical authority on the NuHarbor Security Engineering team and the owner of the engineering layer that NuHarbor's managed services depend on. This role operates with a high degree of autonomy and is anchored in Splunk.

- Lives by the NuHarbor corporate values: Help Clients Win, Always Improve, Protect the House.
- Owns the systems engineering that keeps NuHarbor's co-managed platforms running correctly; architecture, configuration, performance, and maintenance to NuHarbor and vendor best practice.
- Ensures client data is properly onboarded, parsed, and normalized to the appropriate data model for each platform (e.g., Splunk CIM, Microsoft ASIM, Google UDM).
- Diagnoses and resolves complex architectural problems across managed environments.
- Self-assigns and drives the most complex and highest-impact work, operating independently.
- Drives the engineering ticket queue with quality, efficiency, and completeness.
- Designs, implements, and maintains engineering solutions for multi-tenant scalability, repeatability, and standardization.
- Communicates with clients at an expert technical level, building trust and delivery excellence.
- Performs the engineering and architecture work required to onboard new managed services clients.
- Supports, deploys, and manages the components of NuHarbor's security automation and case management platform(s).
- Builds and maintains automation workflows and integrations that connect the platform to client environments.
- Regularly meets with clients to drive objectives forward and proactively addresses issues.
- Develops engineering recommendations and enhancements that improve the security posture of each client's managed platforms.
- Provides technical direction, leadership, and mentorship to the broader engineering team.
- Provides architectural review and oversight for client operational projects.
- Develops and improves onboarding and operational processes.
- Helps design the engineering approach and operational processes for newly adopted technologies.
- Maintains the industry and vendor certifications required to support the managed services catalog.
- Participates in a 24x7 on-call rotation; other duties as assigned by Engineering Leadership.

Qualifications

- Bachelor’s Degree and five (5) or more years in the Information Technology field.
- In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required.
- Five (5) or more years engineering security platforms in a managed services, enterprise, or comparable operational environment.
- Three (3) or more years directly engineering and administering Splunk environments, including Splunk Enterprise Security.
- Demonstrated experience onboarding and normalizing data sources to a common data model (e.g., Splunk CIM).
- Strong Linux and Windows proficiency.
- Strong understanding of security concepts and operations.
- Strong understanding of networking concepts and architecture.
- Proficiency with data visualization tools and strong analytical skills.
- Proficiency scripting in at least one of PowerShell, Bash, or Python.
- Must be a citizen of the United States.

Requirements

- Splunk Enterprise Certified Architect and/or Splunk Certified Consultant.
- Microsoft AZ-500 and/or SC-100/SC-200.
- Google Professional Security Operations Engineer (PSOE).
- Hands-on engineering experience across one or more additional platforms in NuHarbor's catalog.
- Experience engineering and supporting platforms in a multi-tenant MSSP environment.
- Experience engineering platforms in support of a 24x7 SOC or MDR operation.
- Experience with vulnerability management technologies.
- Experience with infrastructure-as-code and automation tooling (e.g., Terraform, Ansible).
- Experience supporting SLG or education clients.
- Excellent written and verbal communication skills.
- A track record of managing and prioritizing multiple projects simultaneously.
- An understanding of how businesses operate and how technical decisions affect business results.
- Passion for security and customer service.

Benefits

- Engagement and support of company leadership.
- Recognition and rewards for employee commitment and contribution.
- Growth in your career and capabilities.
- A collaborative and driven working environment.
- A fun and social working environment.
- Competitive salary and benefits, including paid time to give back in your community and generous PTO.

More Security Engineer Jobs


Security Account Executive – Commercial Select

Cisco

We securely connect everything to make anything possible.

Full Time | Remote | Team 10,001+ | Since 1984 | H1B Sponsor

• Bring a highly motivated, entrepreneurial mindset to drive Cisco Security growth across commercial accounts
• Build trusted relationships with business and technology leaders
• Help customers address evolving cybersecurity challenges
• Identify opportunities to expand Cisco's security footprint
• Develop and execute strategic account plans for assigned commercial customers
• Drive double-digit revenue growth by identifying new opportunities
• Accurately forecast pipeline and business activity using Salesforce and Clari
• Identify lead strategic security initiatives that increase revenues across your territory
• Consistently achieve software, subscription, support, and services revenue targets

Texas
$213.3K - $300.4K / year

Product Security Engineer

Vercel

The platform for frontend developers. Creators and maintainers of Next.js.

Full Time | Remote | Team 201-500 | Since 2016 | H1B Sponsor

About Vercel:

Vercel is the agentic infrastructure company. We free people and agents to ship what’s next. For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience. Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents. We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide. Whether you’re building our products, supporting our customers, growing our community, or shaping our story, you’ll help define what comes next.

About the Role:

We are looking for a Product Security Engineer to join our security team to drive critical product security initiatives across Vercel’s products and platform. Your core focus will be on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. You will support both our internal product engineering teams and customer-facing security programs, ensuring that security is embedded throughout our development lifecycle and that our platform earns the trust of developers and end-users alike. As a senior member of the team, you will lead cross-organizational security projects and champion a security-first culture within Vercel’s engineering organization. This is a high-impact role with broad scope – your work will not only secure Vercel’s core infrastructure and products (built with Next.js, Node.js, and serverless architecture), but also influence the security of the open-source ecosystems we contribute to.

If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday. If you're located beyond that distance, the role is fully remote. For location-specific details, please connect with our recruiting team.

What You Will Do:

- Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment.
- Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team.
- Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code.
- SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort.
- Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You’ll also work on making our bug bounty a world-class, researcher-friendly program, including refining policies, scope, and engagement to encourage high-quality submissions.
- Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements.
- Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform.

About You:

- Experienced Security Engineer: You have 5+ years of experience in a Product Security or Product Security role (or related field), with a track record of securing web products and services. You’re well-versed in the fundamentals of product security and have hands-on experience finding and fixing vulnerabilities.
- Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security. Experience with modern web frameworks (ideally Next.js or React and Node-based frameworks) and understanding of their security considerations. You can read and review code in these technologies to spot security flaws.
- Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex products. You understand how to integrate security into a fast-paced SDLC without slowing it down. Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required.
- Security Tools & Automation: Hands-on experience with product security tooling such as static product security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration. Familiarity with GitHub Advanced Security or similar tools for code scanning and secret detection is a strong plus.
- Open Source and Supply Chain Security: Knowledge of open-source security best practices. You have experience dealing with open-source dependencies and package management security (e.g., handling vulnerability advisories, using tools like Dependabot or Snyk). Bonus if you have contributed to or maintained open-source projects, especially security-related ones.
- Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program or vulnerability disclosure process. You know how to assess externally reported issues, reproduce and validate vulnerabilities, and coordinate fixes. You stay up-to-date on the latest vulnerabilities (OWASP Top 10, emerging threats) and methods to mitigate them.
- Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective. You are familiar with securing products on cloud platforms (e.g., securing serverless functions, protecting APIs, managing secrets and keys). Experience with related cloud security concepts or tools is a plus.
- Technical Leadership: Proven ability to drive security initiatives and influence engineering teams to adopt best practices. You can work cross-functionally to achieve security goals – for example, rolling out a new security tool or standard across many engineers. (While we emphasize technical skills, this senior role requires you to effectively communicate and lead within the organization to get things done.)

Bonus If You:

- Have prior software development experience beyond security (e.g. as a frontend or backend engineer). Being able to empathize with developers and write or contribute code will help you integrate security seamlessly into development.
- Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries). These demonstrate your depth of knowledge, though they are not required.
- Experience with security policy-as-code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.). This shows you can bring security into the automation and infrastructure realm.
- Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools.
- Are an active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences). A passion for continuous learning and sharing knowledge is always a plus on our team.

Benefits:

- Competitive compensation package, including equity.
- Inclusive Healthcare Package.
- Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
- Flexible Time Off.
- We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

The San Francisco, CA base pay range for this role is $208,000.00 - $312,000.00. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process.

Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.

United States
$208K - $312K / year

Senior Security & Compliance Analyst

Energy Exemplar

In an era where the world is rapidly advancing towards a cleaner future through decarbonization, Energy Exemplar’s mission lies in ‘Empowering Transformative Energy Decisions’🪫☀️🍃 Founded in 1999 in Adelaide, Australia, our award-winning software portfolio encompassing the modeling and simulation platform PLEXOS®, Aurora, and Adapt2, is trusted by innovative organizations across the globe. Through our technology and people, we strive to enable stakeholders from across the entire energy value chain to revolutionize the energy ecosystem and to collaboratively plan and execute for a sustainable energy future with unprecedented clarity, speed, and innovation.

Full Time | Remote | Team 675 | Since 1999

Role Description

Reporting to the VP, Cloud Operations & GRC, the Sr. Security & Compliance Analyst will support the execution and continuous improvement of Energy Exemplar’s security, risk, compliance, vulnerability management, and AI governance programs across cloud and enterprise operations.

- Support security and compliance programs aligned with ISO 27001, SOC 1, SOC 2, privacy, and emerging AI governance requirements.
- Coordinate and drive vulnerability remediation activities across Engineering, Cloud Operations, IT, and Product teams to ensure remediation within defined EE SLAs.
- Track and report security metrics, including MTTR, overdue vulnerabilities, remediation trends, audit findings, and compliance dashboards.
- Proactively follow up and escalate unresolved vulnerabilities, audit findings, and compliance gaps.
- Support continuous control monitoring, risk assessments, third-party risk management, policy management, access reviews, and audit activities.
- Respond to customer security and compliance due diligence requests, audits, and questionnaires.
- Support AI governance, security, and compliance initiatives, including assessment of AI-related risks, emerging regulations, and industry standards (e.g., ISO 42001, EU AI Act, privacy requirements).
- Assist in evaluating AI-enabled solutions and third-party AI services for security, privacy, compliance, and responsible AI considerations.
- Monitor emerging cybersecurity threats, privacy regulations, and industry compliance requirements.
- Collaborate with cross-functional teams to drive remediation and continuous improvement initiatives.

Qualifications

- 6–8 years of experience in Governance, Risk & Compliance (GRC), cybersecurity, information security, or risk management.
- Strong understanding of ISO 27001, SOC 1 / SOC 2, GDPR/privacy principles, vulnerability management, and security controls.
- Experience in Energy / Utilities sector security and compliance requirements (e.g., CEII or critical infrastructure requirements).
- Experience coordinating vulnerability remediation programs, tracking SLA compliance, MTTR metrics, and executive reporting.
- Experience supporting audits, customer security reviews, and compliance programs.
- Familiarity with emerging AI governance, privacy, and security frameworks (e.g., ISO 42001, EU AI Act, responsible AI principles) preferred.
- Strong communication, organizational, stakeholder management, and follow-up skills.
- Ability to work independently and proactively drive outcomes across distributed teams.

Requirements

- Preferred Certifications: CISSP, CISA, ISO 27001 Lead Implementer/Auditor, or similar certifications.
- AI governance/privacy certifications are a plus.

Benefits

- Energy Exemplar is proud to be an equal opportunity employer.
- We celebrate diversity and are committed to creating an inclusive environment for all team members.
- We welcome applications from people of all backgrounds, experiences, identities, and abilities.
- Please let us know if you require accommodations at any stage of the recruitment process—we're here to support you in showcasing your full potential.

Worldwide
Full Time | Remote | Team 5,001-10,000 | H1B Sponsor

• Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders
• Understand business processes and information system requirements and the associated information risk in those processes
• Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business’ contractual commitments
• Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required
• Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information
• Implement all information security, including security breaches, business continuity, and regulatory compliance programs including legal requirements, industry regulations, and best practices (e.g., ISO27001, SOC 2 Type II, etc.)
• Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments, evidence collection via GRC tooling (e.g. Vanta) and act as the primary liaison for external auditors to support certifications
• Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education
• Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities
• Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches
• Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including: Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services (e.g. Salesforce, Mulesoft, APIs, etc.)
• Network security architecture, including firewalls, segmentation, and secure communication protocols
• Logging and monitoring security needs, including SIEM platforms
• Encryption standards needed for compliance
• Document security configurations, processes, and controls
• Digital certificate lifecycle management, including issuance, renewal, and revocation
• Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making
• Other duties as assigned

Canada
$175K - $200K / year