Replit, 21.04.2026

Product Security Engineer (PSIRT - Product Security Incident Response Team)

Full-time, Remote

Responsibilities

  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
  • Independently validate, reproduce, severity-score, and document findings
  • Identify duplicates and maintain a clean vulnerability records pipeline
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC)
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses
  • Track SLAs, remediation progress, regression testing, and systemic improvements
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
  • Design and evolve the bug bounty program, including scope, rules, and reward structures
  • Manage platform selection, private vs. public launches, and community engagement
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes
  • Determine reward payouts, bonus decisions, and recognition for top contributors
  • Lead the coordinated vulnerability disclosure process for internal and external findings
  • Negotiate disclosure timelines with researchers and partners
  • Coordinate CVE assignments and publications, and prepare customer/public advisories

Requirements

  • Experience running or triaging for bug bounty programs (HackerOne ideally)
  • Strong ability to triage, validate, and reproduce vulnerabilities independently
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals

Conditions

  • Full-time role
  • In-office requirement of Monday, Wednesday, and Friday at Foster City, CA office
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities