Replit · 1 month ago
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Replit is a software creation platform that enables users to build applications using natural language. They are seeking a highly skilled Product Security Engineer to lead their vulnerability response program, managing the lifecycle of security vulnerabilities and coordinating with various teams to ensure quick remediation.
Artificial Intelligence (AI) · Cloud Computing · Developer Tools · Information Technology · Software
Responsibilities
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
Independently validate, reproduce, severity-score, and document findings
Identify duplicates and maintain a clean vulnerability records pipeline
Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC)
Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
Provide detailed reproduction steps, proof-of-concepts, and technical analyses
Track SLAs, remediation progress, regression testing, and systemic improvements
Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
Design and evolve the bug bounty program, including scope, rules, and reward structures
Manage platform selection, private vs. public launches, and community engagement
Communicate clearly with researchers, provide clarifications, and handle feedback or disputes
Determine reward payouts, bonus decisions, and recognition for top contributors
Lead the coordinated vulnerability disclosure process for internal and external findings
Negotiate disclosure timelines with researchers and partners
Coordinate CVE assignments and publications, and prepare customer/public advisories
Qualifications
Required
Experience running or triaging for bug bounty programs (HackerOne ideally)
Strong ability to triage, validate, and reproduce vulnerabilities independently
Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/authZ issues, etc.
Familiarity with cloud platforms (GCP preferred) and SaaS architectures
Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals
Preferred
Scripting or automation experience (Python, Go, Bash)
Pentesting background or exposure to offensive security work
Familiarity with compliance frameworks such as SOC 2 and ISO 27001
Experience authoring public advisories or CVE writeups
Hands-on experience with SIEM, Cloud Logging, and investigative tooling
Benefits
Competitive Salary & Equity
401(k) Program
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Commuter Benefits
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement
Flexible Time Off (FTO) + Holidays
Quarterly Team Gatherings
In Office Amenities
Company
Replit
Replit is the most secure agentic platform for production-ready apps.
H1B Sponsorship
Replit has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; highlighted segment represents job fields similar to this job)
Trends of Total Sponsorships
2025 (8)
2024 (5)
2023 (2)
2022 (2)
Funding
Current Stage: Growth Stage
Total Funding: $472.02M
Key Investors: Prysm Capital, Craft Ventures, Andreessen Horowitz
2025-07-30 · Series C · $250M
2023-11-06 · Series B · $20M
2023-04-25 · Series B · $97.4M
Company data provided by Crunchbase