Skip to main content
TryApplyNow
Replit logo

Security Engineer - Vuln Management (Code)

Replit
Full TimemidRemote
Foster City, CARemotePosted 7 weeks ago

Role Overview

Replit is hiring a mid-level Security Engineer - Vuln Management (Code). This is a full-time remote role, with the team based in Foster City. Part of Replit's Risk hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Salary Context

Salary is not disclosed in this posting. Market median for Mid-level Risk roles is $100k-$130k (based on 53 comparable listings). Many employers share specifics during the interview process or after an initial screen.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonJavaScriptTypeScriptGoCI/CDORTriageSupply Chain

Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

ABOUT THE ROLE

We are seeking a mid-level AppSec Vulnerability Management Engineer with a strong software development background. In this role, you will bridge the gap between security, compliance, and engineering teams. You will identify application vulnerabilities, maintain software supply chain security, and drive tracking to satisfy strict regulatory compliance frameworks. You will also serve as a technical responder during security incidents, deploying real-time countermeasures to protect our software ecosystem.

WHAT YOU'LL DO

CORE RESPONSIBILITIES

  • Vulnerability Scanning & Triage: Perform periodic application security scanning activities. Review results and prioritize flaws based on CVSS scores, real-world exploitability, and system exposure.
  • Compliance-Driven Tracking: Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS). Maintain audit-ready evidence of remediation timelines and exception approvals.
  • Executive Reporting & Alerting: Escalate and report critical exposures directly to the CISO and senior leadership. Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture.
  • Software Supply Chain Security: Ownership of the organization's Software Bill of Materials (SBOM). Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking. Help Replit mature through various SLSA levels for supply chain security.
  • Remediation Collaboration: Partner with development teams to provide clear mitigation paths. Review, write, and patch code directly when necessary to resolve security flaws.
  • Tooling Integration: Configure and tune automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.
  • Incident Response Support: Assist Incident Response teams during active breaches or security incidents. Help develop and implement immediate, real-time code or infrastructure countermeasures.

REQUIRED SKILLS & EXPERIENCE

  • Experience: 5 years of experience in Application Security, DevSecOps, or Software Engineering roles.
  • Development Background: Solid foundational experience working in a software development capacity.
  • Code Literacy: Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.
  • Build System Expertise: Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.
  • AppSec Tooling Expertise: Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).
  • Compliance Awareness: Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.

WHAT WE VALUE

  • Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
  • Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
  • Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.
  • Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match (US Only)

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

🚗 Commuter Benefits (In-Office Only)

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement (In-Office Only)

🚀 Quarterly Team Gatherings

☕ In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

  • Meet the Replit Agent https://www.youtube.com/watch?v=IYiVPrxY8-Y
  • Replit: Make an app for that https://www.youtube.com/watch?v=4zd9hzngFwY
  • Replit Blog https://blog.replit.com/
  • Amjad TED Talk https://youtu.be/kCudFI4tcpg?si=l4ViCejV_f2RZkDi

Interviewing + Culture at Replit

  • Operating Principles https://blog.replit.com/operating-principles
  • Reasons not to work at Replit https://blog.replit.com/reasons-not-to-join-replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

About Replit

Replit logo

Replit

RiskHires remote

52 other open roles at Replit on TryApplyNow.

Frequently Asked Questions

How do I apply for the Security Engineer - Vuln Management (Code) position at Replit?

Use the Apply button above to submit your application directly to Replit. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Is the Security Engineer - Vuln Management (Code) role at Replit remote?

Yes. This is a remote role. The team is based in Foster City, but the position itself does not require relocating to that office.

What does a Security Engineer - Vuln Management (Code) at Replit earn?

Replit has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Security Engineer - Vuln Management (Code) role at Replit posted?

This role was posted on May 20, 2026 (50 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start