Security Engineer - Vuln Management (Code)
Replit
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
We are seeking a mid-level AppSec Vulnerability Management Engineer with a strong software development background. In this role, you will bridge the gap between security, compliance, and engineering teams. You will identify application vulnerabilities, maintain software supply chain security, and drive tracking to satisfy strict regulatory compliance frameworks. You will also serve as a technical responder during security incidents, deploying real-time countermeasures to protect our software ecosystem.
Vulnerability Scanning & Triage: Perform periodic application security scanning activities. Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture.
Software Supply Chain Security: Ownership of the organization's Software Bill of Materials (SBOM). Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking. Help Replit mature through various SLSA levels for supply chain security.
Configure and tune automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.
Help develop and implement immediate, real-time code or infrastructure countermeasures.
Experience: 5 years of experience in Application Security, DevSecOps, or Software Engineering roles.
Solid foundational experience working in a software development capacity.
Code Literacy: Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.
Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.
Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).
Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
In Office Set-Up Reimbursement (In-Office Only)
In Office Amenities (In-Office Only)
Replit: Make an app for that
Replit Blog
We are seeking a mid-level AppSec Vulnerability Management Engineer with a strong software development background. In this role, you will bridge the gap between security, compliance, and engineering teams. You will identify application vulnerabilities, maintain software supply chain security, and drive tracking to satisfy strict regulatory compliance frameworks. You will also serve as a technical responder during security incidents, deploying real-time countermeasures to protect our software ecosystem.
Vulnerability Scanning & Triage: Perform periodic application security scanning activities. Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture.
Software Supply Chain Security: Ownership of the organization's Software Bill of Materials (SBOM). Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking. Help Replit mature through various SLSA levels for supply chain security.
Configure and tune automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.
Help develop and implement immediate, real-time code or infrastructure countermeasures.
Experience: 5 years of experience in Application Security, DevSecOps, or Software Engineering roles.
Solid foundational experience working in a software development capacity.
Code Literacy: Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.
Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.
Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).
Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
In Office Set-Up Reimbursement (In-Office Only)
In Office Amenities (In-Office Only)
Replit: Make an app for that
Replit Blog
Vacancy posted more than 2 months ago
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Engineer - Vuln Management (Code). Be the first to apply!
Related searches
- health information management work from home Foster, CA
- senior director product management Foster, CA
- asset management Foster, CA
- sales management training program - entry level Foster, CA
- entry level management training Foster, CA
- care management associate Foster, CA
- management team Foster, CA
- construction management part time Foster, CA
- director talent management Foster, CA
- director of inventory management Foster, CA