Skip to content
ReplitReplitFoster City, CA

Security Engineer - Vuln Management (Infra)

Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.

210k – 270k/yr
Hybrid5+ YOESecurity Engineering

About the role

Core Responsibilities

Infrastructure Scanning & Triage

  • Perform continuous security scanning across cloud posture and workloads
  • Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure

Posture Management & Visibility

  • Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools
  • Ensure uniform compliance, prevent data leakage, and maintain hardened baselines

Infrastructure-as-Code (IaC) Security

  • Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines
  • Identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before production deployment

Workload & Container Security

  • Manage continuous vulnerability scanning lifecycle for container images, registries, and VMs
  • Partner with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines

Compliance-Driven Tracking

  • Track, document, and manage infrastructure vulnerabilities according to compliance SLAs (SOC 2, ISO 27001, PCI-DSS)
  • Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals

Executive Reporting & Alerting

  • Escalate and report critical production exposures directly to CISO and senior leadership
  • Maintain dashboards and alerting mechanisms for infrastructure risk trends and cloud compliance posture

Remediation Collaboration

  • Partner with SRE, DevOps, and Platform teams to provide infrastructure mitigation paths
  • Assist in writing, reviewing, or modifying cloud configuration templates to resolve security flaws

Incident Response Support

  • Assist Incident Response teams during active cloud or host-level breaches
  • Help develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures

Required Skills & Experience

  • 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles
  • Strong foundational experience with multi-cloud environments (Deep GCP expertise preferred, working knowledge of AWS or Azure)
  • Hands-on experience with infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or GCP Security Command Center
  • Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows
  • Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS
  • Deep understanding of Docker/container security and Kubernetes architectures (GKE, EKS), including runtime security, network policies, and workload identity
  • Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST

What We Value

  • Systems Thinking: Ability to see the "big picture" and understand how security decisions impact the entire stack
  • Technical Influence: Drive technical alignment across the organization through expertise and collaboration
  • Autonomy: Comfortable leading major technical initiatives with minimal oversight
  • Problem-Solving Mindset: Passion for breaking down complex security challenges into elegant, scalable engineering solutions

Skills

GCPAWSAzureTerraformPulumiDockerKubernetesGKEEKSWizOrcaPrisma CloudLaceworkCheckovTfsec
Replit

Security Engineer - Vuln Management (Code)

ReplitFoster City, CA

Mid-level AppSec Vulnerability Management Engineer who identifies application vulnerabilities, manages SBOM and supply chain security, and drives compliance tracking for SOC 2, ISO 27001, and PCI-DSS. Requires 5+ years in AppSec/DevSecOps with strong coding skills in JS/TS, Python, and Go.

210k – 270k/yr
Hybrid5+ YOESecurity Engineering
Perplexity

Software Engineer - Security

PerplexitySan Francisco, CA

Builds security tools, automations, and AI agents to enhance detection, response, vulnerability management, and overall security posture. Requires 4+ years experience in software engineering with security focus, proficiency in Python/Go/TypeScript, and familiarity with SIEM/EDR/cloud systems.

210k – 385k/yr
On-site4+ YOESecurity Engineering
Ramp

Security Engineer, Cloud

RampNew York, NY +1

Build and enhance cloud security infrastructure, drive security roadmap, remediate issues, and partner with teams for secure deployments. Requires 5+ years software experience, 3+ years AWS with Terraform.

211k – 291k/yr
Hybrid5+ YOESecurity Engineering
OpenAI

Model Policy Manager

OpenAISan Francisco, CA

Defines and maintains policies for AI model behavior in high-risk domains like agentic systems and user safety. Collaborates with research, engineering, and product teams to operationalize policies into measurable safeguards using empirical data and red-teaming.

207k – 295k/yr
HybridSecurity Engineering
OpenAI

Model Policy, Frontier Cyber Risk

OpenAISan Francisco, CA

Develops and maintains AI model policies for high-risk cybersecurity domains, translating threat models into behavioral specifications, evaluations, and mitigations. Collaborates with research, engineering, and safety teams to ensure technically grounded, enforceable safeguards against dual-use risks.

207k – 295k/yr
HybridSecurity Engineering