Replit

About Replit

The coding platform that empowers everyone to learn

🏒 TechπŸ‘₯ 101-200 employeesπŸ“… Founded 2016πŸ“ SoMa, San Francisco, CAπŸ’° $472.2m
B2CB2BArtificial IntelligenceEnterpriseTrainingLearningSaaS

Key Highlights

  • Raised $472.2 million in funding
  • Millions of users, including Google and Facebook employees
  • Supports popular languages like C++, JavaScript, and PHP
  • Remote-first culture with flexible work hours

Replit is a collaborative coding platform that simplifies programming for learners, educators, and developers. Based in SoMa, San Francisco, Replit has attracted millions of users, including employees from major tech companies like Google, Facebook, and Stripe. The company has raised $472.2 million ...

🎁 Benefits

Replit offers a remote-first work environment with flexible hours, equity options, and a home office setup stipend. Employees enjoy comprehensive heal...

🌟 Culture

Replit's culture is centered around accessibility in coding, allowing users to start programming without complex setups. The company values innovation...

Overview

Replit is seeking a Product Security Engineer to lead the vulnerability response program for their cloud-native AI platform. You'll manage security vulnerabilities from intake to remediation, requiring strong technical skills in web and cloud security. This role is based in Foster City, CA.

Job Description

Who you are

You have a strong technical background in security engineering, with experience in managing vulnerability response programs. You understand the lifecycle of security vulnerabilities and have a deep knowledge of web, application, and cloud exploit classes. Your experience includes operating bug bounty and coordinated disclosure programs, and you are familiar with platforms like HackerOne. You are detail-oriented and capable of independently validating and reproducing vulnerabilities, as well as assessing their relevance and exploitability using frameworks like OWASP.

You have a collaborative mindset and enjoy working closely with cross-functional teams, including Engineering, Cloud Security, SecOps, SRE, and IT. You are skilled in managing the intake process from various sources, such as bug bounty platforms, customer reports, and automated scanners. Your ability to document findings and maintain a clean vulnerability records pipeline is crucial to your success in this role.

You are proactive in remediation coordination and SLA management, ensuring that vulnerabilities are addressed quickly and effectively. You have experience assessing identity, authentication, and authorization risks, particularly with protocols like OAuth and OIDC. Your strong communication skills allow you to convey complex security concepts to both technical and non-technical stakeholders.

Desirable

Experience with cloud-native environments and familiarity with security tools and practices in these settings is a plus. You may also have knowledge of security compliance frameworks and best practices, which can enhance your contributions to the team.

What you'll do

In this role, you will lead the vulnerability response program for Replit's cloud-native AI platform. You will manage the intake of vulnerabilities from various sources, including bug bounty platforms and customer reports, ensuring that each finding is validated and documented accurately. Your responsibilities will include assessing the severity of vulnerabilities and coordinating with engineering and security teams to drive remediation efforts.

You will work closely with the Engineering team to confirm product impact and ensure that vulnerabilities are fixed in a timely manner. Your role will involve maintaining a clean pipeline of vulnerability records and identifying duplicates to streamline the process. You will also be responsible for communicating findings and remediation status to stakeholders, ensuring transparency and accountability throughout the vulnerability management lifecycle.

As part of your duties, you will assess the relevance and exploitability of vulnerabilities using established frameworks and patterns, contributing to the overall security posture of Replit's products and services. You will collaborate with various teams, including SecOps, SRE, and Cloud Security, to ensure that security practices are integrated into the development lifecycle.

What we offer

Replit is committed to creating an inclusive environment where diverse perspectives are valued. We encourage candidates from all backgrounds to apply, as we believe that a diverse team leads to better products and solutions. You will have the opportunity to work in a dynamic and innovative environment, contributing to a mission that democratizes software development.

We offer competitive compensation and benefits, along with opportunities for professional growth and development. You will be part of a team that is passionate about making programming more accessible and impactful for users around the world. Join us in shaping the future of software creation.
