Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

Apply faster with JobTailor

Recommended
Apply

Apply your way

Use the standard apply link, or let JobTailor help you move faster.

  • Apply directly in one click
  • No setup required
  • Best if you’re in a hurry
Start AI Apply
Replit

Product Security Engineer – PSIRT

Replit

. Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.

Posted 4/20/2026full-timeFoster City • California • 🇺🇸 United StatesMid-LevelSenior💰 $180,000 - $325,000 per yearWebsite

Tech Stack

Tools & technologies
CloudGoGoogle Cloud PlatformPython

About the role

Key responsibilities & impact
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC).
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Requirements

What you’ll need
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.
  • Scripting or automation experience (Python, Go, Bash) is a plus.
  • Pentesting background or exposure to offensive security work is a plus.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001 is a plus.
  • Experience authoring public advisories or CVE writeups is a plus.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling is a plus.

Benefits

Comp & perks
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
vulnerability assessmentbug bounty program managementtriaging vulnerabilitiesreproducing vulnerabilitiesOWASPcloud misconfigurationidentity authentication authorizationscriptingautomationpentesting
Soft Skills
communicationnegotiationindependenceanalytical thinkingproblem-solvingcommunity engagementclarification handlingleadership
Certifications
SOC 2ISO 27001