11h ago

Product Security Engineer

Foster City, CA

$180k-$325k / year

full-time · senior · Hybrid · software

💼 About This Role

You'll lead the vulnerability response program for Replit's cloud-native AI platform, owning the lifecycle of security vulnerabilities from intake to disclosure. You'll work closely with Engineering, Cloud Security, and SRE to ensure vulnerabilities are fixed quickly and communicated responsibly. This role offers the chance to manage bug bounty programs and coordinate CVE assignments.

🎯 What You'll Do

  • Manage intake from bug bounty platforms and validate findings
  • Work with engineering teams to drive remediation and track SLAs
  • Design and evolve the bug bounty program scope and rewards
  • Coordinate CVE assignments and publish customer advisories

📋 Requirements

  • Experience running or triaging for bug bounty programs (HackerOne)
  • Ability to independently triage, validate, and reproduce vulnerabilities
  • Deep understanding of web/app/cloud vulnerability classes and OWASP Top 10
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures

✨ Nice to Have

  • Scripting or automation experience in Python, Go, or Bash
  • Pentesting background or exposure to offensive security work
  • Experience authoring public advisories or CVE writeups

๐ŸŽ Benefits & Perks

  • ๐Ÿ’ฐ Competitive Salary & Equity
  • ๐Ÿ“ฑ Monthly Wellness Stipend
  • ๐Ÿ Flexible Time Off + Holidays
  • ๐Ÿšผ Paid Parental, Medical, Caregiver Leave
  • ๐Ÿ–ฅ In Office Set-Up Reimbursement

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

  1. Phone Screen · 30 min
  2. Technical Interview · 60 min
  3. Onsite Interview · 120 min