Skip to main content
TryApplyNow
Replit logo

Security Operations Lead

Replit
Be an Early ApplicantFull TimeseniorRemote
Foster City, CARemotePosted Today

Role Overview

Replit is hiring a Security Operations Lead. This is a full-time remote role, with the team based in Foster City. Part of Replit's Devops hiring, posted today. applications are still in the early window, before most candidates have applied. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonGoBashAWSGCPAzureKubernetesLinux

Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

We are looking for a Security Operations Lead (SOC Lead) to build, mature, and operate our 24/7 detection and response capabilities across a modern cloud-native and AI-driven environment. This role leads the global SOC function—monitoring, SIEM ownership, detection engineering, alert triage, and operational readiness—while also evaluating and integrating emerging AI-based SOC products and autonomous response platforms.

You will oversee monitoring across multi-cloud environments (GCP primary, AWS/Azure secondary), Kubernetes, SaaS services, endpoints, developer tools, and AI workloads. You’ll collaborate closely with Cloud Security, Compliance/GRC, SRE, Platform Engineering, IT/Endpoint teams, and AI Infrastructure to ensure our detection strategy scales and stays ahead of evolving threats.

This is a hands-on leadership role perfect for someone who wants to shape the SOC of the future while solving complex challenges in a high-scale AI setting.

WHAT YOU’LL DO

SOC LEADERSHIP & 24/7 MONITORING

  • Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.
  • Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments.
  • Cover monitoring across:
  • Cloud infrastructure (GCP, AWS, Azure)
  • Kubernetes/GKE/EKS/AKS clusters
  • SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.)
  • Endpoints (macOS, Linux, Windows) including EDR/XDR telemetry
  • Developer platforms + CI/CD pipelines
  • AI/ML systems and model-serving workflows

AI-BASED SOC INTEGRATION & INNOVATION

  • Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation
  • Identify opportunities to automate triage, investigations, enrichment, and reporting.
  • Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling.

SIEM & TELEMETRY OWNERSHIP

  • Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.
  • Expand telemetry across:
  • Cloud logs, API logs, system events
  • SaaS audit logs and admin events
  • Identity providers (Okta, Google, Azure AD)
  • Endpoint EDR/XDR event streams
  • Standardize data schemas and improve detection signal quality across sources.

DETECTION ENGINEERING

  • Develop high-fidelity detections for:
  • Cloud-native attacks
  • Identity threats and lateral movement
  • SaaS misconfigurations and privilege abuse
  • Endpoint malware/behavior anomalies
  • Insider threats and account takeover patterns
  • Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage.
  • Collaborate with Engineering, Cloud Security, and SRE to ensure telemetry supports detection use cases.

TRIAGE, THREAT ANALYSIS & ESCALATION

  • Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization.
  • Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms.
  • Guide root cause analysis and work with owners to drive remediation and architectural improvements.
  • Continuously refine logic, reduce false positives, and improve signal quality.

CROSS-FUNCTIONAL COLLABORATION

  • Partner with Cloud Security on cloud posture and preventative controls.
  • Work with Compliance/GRC to support SOC 2, ISO 27001, and audit readiness.
  • Collaborate with SRE and Engineering to instrument new services with structured logs and detection hooks.
  • Coordinate with IT / Endpoint teams to ensure full endpoint telemetry and EDR response readiness.
  • Communicate threats, gaps, and trends to leadership and engineering stakeholders.

REQUIRED SKILLS & EXPERIENCE

  • 7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity.
  • Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP).
  • Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.).
  • Deep understanding of:
  • Cloud security monitoring (GCP required; AWS/Azure preferred)
  • SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.)
  • Endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender)
  • Kubernetes and container detection
  • Hands-on detection engineering skills, event correlation, threat hunting, and log analysis.
  • Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools.
  • Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns.
  • Experience with SOAR and scripting (Python, Go, Bash).
  • Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management.

PREFERRED QUALIFICATIONS

  • Experience with UBA/UEBA, ML-driven anomaly detection, or autonomous remediation systems.
  • Previous experience at a high-growth tech company.
  • Security certifications (GCIH, GCIA, GCTI, GCDA, GCFA, etc.).

WHAT WE VALUE

  • Operational excellence: Building reliable, scalable SOC systems.
  • Analytical rigor: Capable of making sense of large, complex, multi-source telemetry.
  • Leadership: Mentorship and guidance of analysts and engineers.
  • Adaptability: Comfortable evaluating and integrating next-gen AI-based SOC tools.
  • Clear communication: Able to articulate risk, incidents, and recommendations to both technical and executive audiences.
  • Automation mindset: Focused on reducing manual toil via SOAR, scripting, and AI augmentation.

Curiosity: Passion for learning, experimenting, and staying ahead of evolving threats—especially those targeting cloud-native and AI systems.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match (US Only)

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

🚗 Commuter Benefits (In-Office Only)

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement (In-Office Only)

🚀 Quarterly Team Gatherings

☕ In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

  • Meet the Replit Agent https://www.youtube.com/watch?v=IYiVPrxY8-Y
  • Replit: Make an app for that https://www.youtube.com/watch?v=4zd9hzngFwY
  • Replit Blog https://blog.replit.com/
  • Amjad TED Talk https://youtu.be/kCudFI4tcpg?si=l4ViCejV_f2RZkDi

Interviewing + Culture at Replit

  • Operating Principles https://blog.replit.com/operating-principles
  • Reasons not to work at Replit https://blog.replit.com/reasons-not-to-join-replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

About Replit

Replit logo

Replit

DevopsHires remote

52 other open roles at Replit on TryApplyNow.

Frequently Asked Questions

How do I apply for the Security Operations Lead position at Replit?

Use the Apply button above to submit your application directly to Replit. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Is the Security Operations Lead role at Replit remote?

Yes. This is a remote role. The team is based in Foster City, but the position itself does not require relocating to that office.

What does a Security Operations Lead at Replit earn?

Replit has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Security Operations Lead role at Replit posted?

This role was posted on July 10, 2026 (today). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

How much experience does the Security Operations Lead role at Replit require?

This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Replit lists their specific requirements in the description below, so review the must-have qualifications closely before applying.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start