This systematic review examines serverless security mechanisms proposed between 2018 and 2024, categorizing them into a layered security model comprising runtime, network, function, orchestration, and data. The proposed model provides a structured framework to analyze serverless-specific threats and protective measures that can be used in future works to better contextualize the threat scope of new protection techniques. Our findings reveal notable advancements in serverless security but highlight persistent gaps, such as function-level observability or data lifecycle protection. In addition to cataloging existing mechanisms, we identify key research directions and share all review data to facilitate future studies. This work advances the understanding of serverless security and offers a foundation for developing more robust protective measures.