# Security Engineer - Vuln Management (Infra)

**Company:** [Replit](https://hotfix.jobs/companies/replit)
**Location:** Foster City, CA
**Role:** Security Engineering
**Salary:** $210k – $270k/yr
**Experience:** 5+ years
**Skills:** GCP, AWS, Azure, Terraform, Pulumi, Docker, Kubernetes, GKE, EKS, Wiz, Orca, Prisma Cloud, Lacework, Checkov, Tfsec
**Posted:** 2026-05-26

> Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.

## Job Description

## Core Responsibilities

**Infrastructure Scanning & Triage**
- Perform continuous security scanning across cloud posture and workloads
- Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure

**Posture Management & Visibility**
- Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools
- Ensure uniform compliance, prevent data leakage, and maintain hardened baselines

**Infrastructure-as-Code (IaC) Security**
- Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines
- Identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before production deployment

**Workload & Container Security**
- Manage continuous vulnerability scanning lifecycle for container images, registries, and VMs
- Partner with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines

**Compliance-Driven Tracking**
- Track, document, and manage infrastructure vulnerabilities according to compliance SLAs (SOC 2, ISO 27001, PCI-DSS)
- Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals

**Executive Reporting & Alerting**
- Escalate and report critical production exposures directly to CISO and senior leadership
- Maintain dashboards and alerting mechanisms for infrastructure risk trends and cloud compliance posture

**Remediation Collaboration**
- Partner with SRE, DevOps, and Platform teams to provide infrastructure mitigation paths
- Assist in writing, reviewing, or modifying cloud configuration templates to resolve security flaws

**Incident Response Support**
- Assist Incident Response teams during active cloud or host-level breaches
- Help develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures

## Required Skills & Experience

- 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles
- Strong foundational experience with multi-cloud environments (Deep GCP expertise preferred, working knowledge of AWS or Azure)
- Hands-on experience with infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or GCP Security Command Center
- Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows
- Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS
- Deep understanding of Docker/container security and Kubernetes architectures (GKE, EKS), including runtime security, network policies, and workload identity
- Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST

## What We Value

- Systems Thinking: Ability to see the "big picture" and understand how security decisions impact the entire stack
- Technical Influence: Drive technical alignment across the organization through expertise and collaboration
- Autonomy: Comfortable leading major technical initiatives with minimal oversight
- Problem-Solving Mindset: Passion for breaking down complex security challenges into elegant, scalable engineering solutions

## Similar roles

- [Security Engineer - Vuln Management (Code)](https://hotfix.jobs/jobs/cd80bf4a-c5e4-4ca3-b4b4-bb639880e535) - Replit - Foster City, CA - $210k – $270k/yr
- [Software Engineer - Security](https://hotfix.jobs/jobs/f469195d-2a11-4426-8a73-c0c8b536199d) - Perplexity - San Francisco, CA - $210k – $385k/yr
- [Security Engineer, Cloud](https://hotfix.jobs/jobs/7aa4f9aa-c59f-41f0-b53a-e26a4a72d353) - Ramp - New York, NY - $211k – $291k/yr
- [Model Policy Manager](https://hotfix.jobs/jobs/bac0d405-d3ff-4dcd-8863-ec873984db44) - OpenAI - San Francisco, CA - $207k – $295k/yr
- [Model Policy, Frontier Cyber Risk](https://hotfix.jobs/jobs/dab87480-ab22-4c1a-b251-121dd5af1445) - OpenAI - San Francisco, CA - $207k – $295k/yr

**Apply:** https://hotfix.jobs/jobs/05cc9fc9-4eb5-4cb5-9acc-a826869df1e0
**Canonical:** https://hotfix.jobs/jobs/05cc9fc9-4eb5-4cb5-9acc-a826869df1e0