Security Operations Lead jobs in United States

Replit · 1 month ago

Security Operations Lead

Replit is the agentic software creation platform that enables anyone to build applications using natural language. They are seeking a Security Operations Lead to build, mature, and operate their 24/7 detection and response capabilities across a modern cloud-native and AI-driven environment.

Artificial Intelligence (AI), Cloud Computing, Developer Tools, Information Technology, Software

Growth Opportunities
H1B Sponsor Likely

Responsibilities

Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation
Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments
Cover monitoring across: Cloud infrastructure (GCP, AWS, Azure), Kubernetes/GKE/EKS/AKS clusters, SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.), Endpoints (macOS, Linux, Windows) including EDR/XDR telemetry, Developer platforms + CI/CD pipelines, AI/ML systems and model-serving workflows
Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation
Identify opportunities to automate triage, investigations, enrichment, and reporting
Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling
Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics
Expand telemetry across: Cloud logs, API logs, system events, SaaS audit logs and admin events, Identity providers (Okta, Google, Azure AD), Endpoint EDR/XDR event streams
Standardize data schemas and improve detection signal quality across sources
Develop high-fidelity detections for: Cloud-native attacks, Identity threats and lateral movement, SaaS misconfigurations and privilege abuse, Endpoint malware/behavior anomalies, Insider threats and account takeover patterns
Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage
Collaborate with Engineering, Cloud Security, and SRE to ensure telemetry supports detection use cases
Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization
Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms
Guide root cause analysis and work with owners to drive remediation and architectural improvements
Continuously refine logic, reduce false positives, and improve signal quality
Partner with Cloud Security on cloud posture and preventative controls
Work with Compliance/GRC to support SOC 2, ISO 27001, and audit readiness
Collaborate with SRE and Engineering to instrument new services with structured logs and detection hooks
Coordinate with IT / Endpoint teams to ensure full endpoint telemetry and EDR response readiness
Communicate threats, gaps, and trends to leadership and engineering stakeholders

Qualification

Security Operations, SIEM platforms, Cloud security monitoring, Detection engineering, AI-based SOC platforms, Endpoint security telemetry, Identity security, Scripting (Python, Go, Bash), Analytical rigor, Curiosity, Leadership, Clear communication, Adaptability

Required

7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity
Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP)
Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.)
Deep understanding of cloud security monitoring (GCP required; AWS/Azure preferred)
Deep understanding of SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.)
Deep understanding of endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender)
Deep understanding of Kubernetes and container detection
Hands-on detection engineering skills, event correlation, threat hunting, and log analysis
Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools
Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns
Experience with SOAR and scripting (Python, Go, Bash)
Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management

Preferred

Experience with UBA/UEBA, ML-driven anomaly detection, or autonomous remediation systems
Previous experience at a high-growth tech company
Security certifications (GCIH, GCIA, GCTI, GCDA, GCFA, etc.)

Benefits

Competitive Salary & Equity
401(k) Program
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Commuter Benefits
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement
Flexible Time Off (FTO) + Holidays
Quarterly Team Gatherings
In Office Amenities

Company

Replit

Replit is the most secure agentic platform for production-ready apps.

H1B Sponsorship

Replit has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; the highlighted segment represents job fields similar to this job)
Trends of Total Sponsorships:
2025: 8
2024: 5
2023: 2
2022: 2

Funding

Current Stage: Growth Stage
Total Funding: $472.02M
Key Investors: Prysm Capital, Craft Ventures, Andreessen Horowitz
2025-07-30: Series C, $250M
2023-11-06: Series B, $20M
2023-04-25: Series B, $97.4M

Leadership Team

Amjad Masad
CEO
Faris Masad
Co-founder and Engineer
Company data provided by crunchbase