Security Engineer - Vuln Management (Infra)

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. About the Role We are seeking a mid-level Infrastructure Vulnerability Management Engineer with a strong background in Cloud Security, DevSecOps, and Infrastructure-as-Code (IaC). In this role, you will bridge the gap between security, compliance, DevOps, and Platform engineering teams. You will identify infrastructure misconfigurations, secure multi-cloud environments, and manage continuous vulnerability lifecycles across cloud workloads, containers, and data repositories to satisfy strict regulatory compliance frameworks. You will also serve as a technical infrastructure responder during security incidents, deploying real-time cloud or network countermeasures to protect our production ecosystem. What You'll Do Core

Responsibilities

Infrastructure Scanning & Triage: Perform continuous security scanning across our cloud posture and workloads. Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure. Posture Management & Visibility : Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools to ensure uniform compliance, prevent data leakage, and maintain hardened baselines. Infrastructure-as-Code (IaC) Security: Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines to identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before they are deployed to production. Workload & Container Security: Manage the continuous vulnerability scanning lifecycle for container images, registries, and Virtual Machines (VMs), partnering with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines. Compliance-Driven Tracking: Track, document, and manage infrastructure vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS). Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals. Executive Reporting & Alerting: Escalate and report critical production exposures directly to the CISO and senior leadership. Maintain dashboards and alerting mechanisms that visualize infrastructure risk trends and cloud compliance posture. Remediation Collaboration: Partner with SRE, DevOps, and Platform teams to provide clear infrastructure mitigation paths. Assist in writing, reviewing, or modifying cloud configuration templates directly when necessary to resolve security flaws. Incident Response Support: Assist Incident Response teams during active cloud or host-level breaches. Help develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures to contain threats. Required Skills & Experience Experience : 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles. Cloud Infrastructure Depth : Strong foundational experience working with multi-cloud environments (Deep GCP expertise preferred, with working knowledge of AWS or Azure). Posture Management & Scanning Tooling : Hands-on experience operating modern infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or cloud-native options (GCP Security Command Center). IaC and Automation Fluency : Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows. Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS. Containerization & Orchestration : Deep understanding of Docker/container security and Kubernetes architectures (e.g., GKE, EKS), including runtime security, network policies, and workload identity. Compliance Awareness : Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST. What We Value Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack. Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority. Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight. Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions. This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday. Full-Time Employee

Benefits

Include: 💰 Competitive Salary & Equity 💹 401(k) Program with a 4% match ( US Only ) ⚕️ Health, Dental, Vision and Life Insurance 🩼 Short Term and Long Term Disability 🚼 Paid Parental, Medical, Caregiver Leave 🏝 Flexible Time Off (FTO) + Holidays 🚗 Commuter Benefits ( In-Office Only ) 📱 Monthly Wellness Stipend 🧑‍💻 Autonomous Work Environment 🖥 In Office Set-Up Reimbursement ( In-Office Only ) 🚀 Quarterly Team Gatherings ☕ In Office Amenities ( In-Office Only ) Want to learn more about what we are up to? Meet the Replit Agent Replit: Make an app for that Replit Blog Amjad TED Talk Interviewing + Culture at Replit Operating Principles Reasons not to work at Replit To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.