Job Description
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.
We are looking for a SOC Engineer to join our Security Operations team and help defend a fast-moving, cloud-native AI vibe-coding platform. In this role, you will stay on top of emerging threats—from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues—and rapidly determine their relevance and potential impact to Replit. You will conduct investigations, analyze signals across our environment, and collaborate with Security, SRE, and Engineering teams to develop and drive effective containment and mitigation strategies.
This is a hands-on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP), and the ability to work across multiple teams in a fast-paced environment.
Responsibilities
Threat Awareness & Rapid Assessment
Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues
Quickly assess the applicability of these threats to Replit’s cloud infrastructure, SaaS services, internal tooling, and platform components.
Investigation & Impact Analysis
Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit.
Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools.
Identify gaps or weaknesses in existing detection or visibility and propose improvements.
Containment, Mitigation & Cross-Team Collaboration
Research potential impact paths and develop mitigation strategies for confirmed or applicable threats.
Partner closely with Security, SRE, and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes.
Document findings, mitigations, and follow-up actions clearly for internal teams.
Required Skills & Experience
Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineering teams.
Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.
Solid knowledge of cloud architecture, especially Google Cloud Platform (GCP) services used in modern cloud-native deployments.
Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.
Hands-on experience with SIEM, Cloud Logging, and log-based investigation workflows.
Ability to perform investigations using log data, behavioral indicators, and threat intelligence.
General understanding of vulnerability lifecycles, exploitability analysis, and common attack vectors.
Preferred Qualifications
Experience with threat intelligence, security research, or vulnerability analysis.
Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems.
Ability to write scripts or small tools for investigation or automation (Python, Go, Bash).
Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.
Experience in fast-paced, cloud-native, or AI/ML-driven environments.
What We Value
Curiosity & initiative: Strong desire to understand attacker behaviors, emerging threats, and how they apply to real-world systems.
Speed & analytical rigor: Ability to quickly assess high-risk vulnerabilities with clear, evidence-based reasoning.
Collaboration: Comfort working across cross-functional teams spanning Security, SRE, Engineering, and Infrastructure.
Clear communication: Ability to explain findings, risks, and mitigation strategies to stakeholders at all levels.
Ownership mindset: Takes initiative to drive investigations, improvements, and remediations to completion
Continuous learning: Passion for staying up to date on new vulnerabilities, exploit trends, and cloud-native security best practices.
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
💰 Competitive Salary & Equity
💹 401(k) Program
⚕️ Health, Dental, Vision and Life Insurance
🩼 Short Term and Long Term Disability
🚼 Paid Parental, Medical, Caregiver Leave
🚗 Commuter Benefits
📱 Monthly Wellness Stipend
🧑💻 Autonoumous Work Environement
🖥 In Office Set-Up Reimbursement
🏝 Flexible Time Off (FTO) + Holidays
🚀 Quarterly Team Gatherings
☕ In Office Amenities
Want to learn more about what we are up to?
Meet the Replit Agent
Replit: Make an app for that
Replit Blog
Amjad TED Talk
Interviewing + Culture at Replit
Operating Principles
Reasons not to work at Replit
To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.
