Product Security Architect

Product Security Architect

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

We are looking for a Product Security Architect to serve as the subject matter expert for Replit's secure product blueprint. In this critical role, you will define and implement the application security architecture for our multi-tenant SaaS platform, ensuring our platform is resilient and secure by design. You will be a key technical contributor—leading high-impact security initiatives and providing deep subject matter expertise to both the engineering organization and executive leadership.

Product Security Strategy & Mentorship

• Security Mentorship: Serve as the primary security mentor and subject matter expert for engineering teams, fostering a culture of technical excellence and rigorous security design.

• Product Vision: Define the product security vision, ensuring consistency across complex application architecture projects.

• Project Execution: Lead the security implementation of new product features from initial design to final production deployment.

• Threat Modeling: Conduct proactive threat modeling for new product features and major architectural changes.

• Application Security Design: Define and enforce best practices around application security, including audit/application logging, configuration, tenant separation, encryption, customer BYOK, RBAC design, API design, and Session/cookie/token management.

• Identity & Access: Define and implement secure Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) for multi-tenant SaaS products.

• Third-Party Risk: Assess and mitigate risks associated with application third-party integrations such as payment, AI models, code repositories, etc.

• Code Review: Apply a strong programming background (Python/Go/JavaScript) to perform hands-on code reviews when needed to validate security controls.

Risk Management & Cross-Functional Enablement

• Maintain the Source of Truth: Define and maintain (document) the authoritative "Source of Truth" for Replit's secure architecture, ensuring these patterns are consistently adopted across all engineering teams.

• Contribution to Risk Register: Actively identify, document, and quantify architectural security risks. You will be responsible for ensuring these are accurately reflected in the Cybersecurity Risk Register.

• Security Team Support: Support other security teams like GRC, Pentesting, Vulnerability Management, and PSIRT.

• Compliance & Documentation: Partner with GRC teams to translate complex architectural designs into clear, audit-ready documentation and control frameworks.

• GTM & Sales Support: Act as the technical bridge for the Sales team, addressing complex security inquiries from enterprise customers regarding Replit's architectural integrity.

Required Skills & Experience

• 8+ years of experience in product security engineering or architecture, specifically with Multi-tenant SaaS products.

• Experience with AI Agent-based Saas products is a plus.

• Deep expertise in common product security practices (e.g., tenant separation, RBAC, BYOK, secure API design, session/token management).

• Expertise in Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) in a multi-tenant SaaS environment.

• Strong programming background (Python/Go/JavaScript) with proven ability to conduct code review.

• Experience writing and maintaining Architecture documents.

• Exceptional ability to communicate technical risk to both engineering and executive audiences.

• Strong track record of contributing to Cybersecurity Risk Register.

What We Value

• Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.

• Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.

• Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.

• Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

• Competitive Salary & Equity
• 401(k) Program with a 4% match (US Only)
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Flexible Time Off (FTO) + Holidays
• Commuter Benefits (In-Office Only)
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement (In-Office Only)
• Quarterly Team Gatherings
• In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

• Meet the Replit Agent
• Replit: Make an app for that
• Replit Blog
• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles
• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.