Product Security Engineer – PSIRT

Replit

PSIRT Engineer leading vulnerability response program at Replit's cloud-native AI platform. Collaborating with engineering and security teams to manage vulnerabilities and coordinate remediation.

Posted 4/20/2026 · Full-time · Foster City, California, 🇺🇸 United States · Mid-Level / Senior · 💰 $180,000 - $325,000 per year

Tech Stack

Tools & technologies
  • Cloud
  • Go
  • Google Cloud Platform
  • Python

About the role

Key responsibilities & impact
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC).
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Requirements

What you’ll need
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.
  • Scripting or automation experience (Python, Go, Bash) is a plus.
  • Pentesting background or exposure to offensive security work is a plus.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001 is a plus.
  • Experience authoring public advisories or CVE writeups is a plus.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling is a plus.

Benefits

Comp & perks
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • vulnerability assessment
  • bug bounty program management
  • triaging vulnerabilities
  • reproducing vulnerabilities
  • OWASP
  • cloud misconfiguration
  • identity authentication authorization
  • scripting
  • automation
  • pentesting
Soft Skills
  • communication
  • negotiation
  • independence
  • analytical thinking
  • problem-solving
  • community engagement
  • clarification handling
  • leadership
Certifications
  • SOC 2
  • ISO 27001