Offensive Security Engineer

Job Overview

Location

Foster City, CA (Hybrid) In office M,W,F

Job Type

Full-time

Category

Security Engineer

Date Posted

March 12, 2026

Full Job Description

Description

  • As a Senior-Level Offensive Security Engineer at Replit, you will embody the critical role of an "adversary-in-residence," acting as a high-impact threat to our cloud-native platform. Your primary mission will be to ensure the integrity and security of the code that underpins millions of user-created environments, safeguarding the world's most accessible software development platform.
  • This position demands a deep dive into our source code through advanced "whitebox" penetration testing engagements. You will meticulously inspect code to uncover systemic weaknesses, intricate logic flaws, and architectural vulnerabilities that automated tools often overlook. Your expertise will be crucial in identifying and mitigating complex security risks before they can be exploited by malicious actors.
  • You will simulate sophisticated adversary tactics across our entire cloud-native stack, including web applications, APIs, and containerized infrastructure. This involves leading comprehensive Red and Purple team exercises designed to mimic the actions of advanced attackers, understanding how an exploit at the code level can escalate to impact the broader infrastructure.
  • A significant aspect of your role will involve securing our cutting-edge AI-enabled systems. You will perform offensive testing on applications powered by Large Language Models (LLMs) and agentic AI workflows. This includes identifying and mitigating risks such as prompt injection, data leakage, and the potential for abuse of AI-driven components, ensuring the responsible and secure integration of AI into our platform.
  • Your responsibilities extend to advanced vulnerability research and chaining. You will not only identify individual vulnerabilities but also demonstrate their realistic business risk by chaining them together, showcasing how an attacker could move from an initial foothold at the application layer all the way down through our internal trust boundaries.
  • To enhance our security posture, you will contribute to the development of internal security frameworks and build AI-assisted testing tools. These tools will aim to automate the discovery of common bug classes, allowing you to focus your deep manual testing expertise on more complex and novel threats.
  • Collaboration is key in this role. You will work closely with product teams and security architects to clearly articulate the root causes of identified vulnerabilities. Your insights will directly influence the design guardrails for new features and help prioritize the triage of high-priority findings from our Bug Bounty program on HackerOne, ensuring timely and effective remediation.
  • This role offers a unique opportunity to be at the forefront of securing a rapidly evolving platform that is democratizing software development. You will have the autonomy to shape security strategies, develop innovative testing methodologies, and directly contribute to the trust and reliability of Replit for millions of users worldwide.
  • You will be expected to maintain a deep understanding of modern application architectures, secure coding best practices, and common vulnerability patterns. Your ability to think like an attacker while possessing a strong engineering foundation will be paramount to your success.
  • The hybrid work model, with in-office presence required on Mondays, Wednesdays, and Fridays, allows for a blend of collaborative team interaction and focused individual work, fostering a dynamic and productive environment.
  • Ultimately, you will be the guardian of Replit's code integrity, ensuring that as we empower the next generation of developers, we do so within the most secure and robust environment possible.

Skills & Technologies

Python
TypeScript
Docker
Kubernetes
Hybrid

About Replit, Inc.

Replit is an online, collaborative, integrated development environment (IDE) that allows users to write, run, and share code in numerous programming languages directly from their web browser. It provides a cloud-based platform, eliminating the need for local setup and dependencies. Replit supports real-time collaboration, enabling multiple users to code together simultaneously on the same project, making it ideal for educational purposes, team projects, and rapid prototyping. The platform offers a vast array of features including version control integration, package management, and deployment tools, democratizing software development for beginners and experienced programmers alike.
