Replit, 21.04.2026
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Full-time, Remote
Responsibilities
- Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
- Independently validate, reproduce, severity-score, and document findings
- Identify duplicates and maintain a clean vulnerability records pipeline
- Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC)
- Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
- Provide detailed reproduction steps, proof-of-concepts, and technical analyses
- Track SLAs, remediation progress, regression testing, and systemic improvements
- Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
- Design and evolve the bug bounty program, including scope, rules, and reward structures
- Manage platform selection, private vs. public launches, and community engagement
- Communicate clearly with researchers, provide clarifications, and handle feedback or disputes
- Determine reward payouts, bonus decisions, and recognition for top contributors
- Lead the coordinated vulnerability disclosure process for internal and external findings
- Negotiate disclosure timelines with researchers and partners
- Coordinate CVE assignments and publications, and prepare customer/public advisories
Requirements
- Experience running or triaging for bug bounty programs (HackerOne ideally)
- Strong ability to triage, validate, and reproduce vulnerabilities independently
- Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
- Familiarity with cloud platforms (GCP preferred) and SaaS architectures
- Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals
Conditions
- Full-time role
- In-office requirement of Monday, Wednesday, and Friday at the Foster City, CA office
- Competitive Salary & Equity
- 401(k) Program with a 4% match
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Commuter Benefits
- Monthly Wellness Stipend
- Autonomous Work Environment
- In Office Set-Up Reimbursement
- Flexible Time Off (FTO) + Holidays
- Quarterly Team Gatherings
- In Office Amenities