Skip to content
ReplitReplitFoster City, CA

Product Security Engineer (PSIRT - Product Security Incident Response Team)

Leads vulnerability response for cloud-native AI platform, managing intake, triage, validation, remediation coordination, and bug bounty programs. Requires expertise in reproducing web/app/cloud vulnerabilities and operating disclosure processes.

180k – 325k/yr
HybridSecurity Engineering

About the role

What You’ll Do

Vulnerability Intake, Triage & Validation

  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC).

Remediation Coordination & SLA Management

  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.

Bug Bounty & Vulnerability Disclosure Program Management

  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.

Coordinated Disclosure & CVE Management

  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills

  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have

  • Scripting or automation experience (Python, Go, Bash).
  • Pentesting background or exposure to offensive security work.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

Skills

HackeroneOwasp Top 10GCPCI/CDPythonGoBashSOC 2ISO 27001SIEMCloud LoggingOAuthOIDCCvePentesting
Lightning AI

Network Security Engineer

Lightning AISan Francisco, CA +1

Designs and implements network security architectures using firewalls, VPNs, and IDS/IPS. Conducts vulnerability assessments, monitors threats with SIEM tools, ensures compliance, and automates security responses. Requires expertise in security tools and certifications like CISSP.

180k – 220k/yr
HybridSecurity Engineering
xAI

Security Engineer - Azure Government

xAIPalo Alto, CA +1

Designs, implements, and maintains security controls in Azure Gov Cloud, focusing on threat detection, identity management, network security, and compliance with FedRAMP/CMMC. Requires 3+ years cloud security experience, Azure expertise, US security clearance eligibility, and scripting proficiency.

180k – 440k/yr
Hybrid3+ YOESecurity Engineering
OpenAI

Security Engineer, Infrastructure Security

OpenAISan Francisco, CA +3

Designs and builds security controls for infrastructure including GPU clusters, multi-cloud setups, datacenters, Kubernetes, and networks to protect AI models and data from advanced threats. Requires deep security expertise, cloud platform knowledge, and proactive problem-solving across on-prem and cloud environments.

184k – 385k/yr
RemoteSecurity Engineering
OpenAI

Software Engineer, Infrastructure Security

OpenAISan Francisco, CA +2

Designs and builds production-grade security services like auth systems, proxies, and key management for OpenAI's GPU clusters, multi-cloud infrastructure, and AI workloads. Requires strong software engineering in Python/Go/Rust, experience with critical security infra, and cloud security expertise.

184k – 385k/yr
RemoteSecurity Engineering
Ramp

Security Engineer, Privacy

RampNew York, NY +1

Build privacy-focused primitives, integrate into products, partner on secure designs, and manage data retention/anonymization while tracking legal standards. Requires 4+ years software experience, 2+ years in privacy/security.

185k – 375k/yr
Hybrid4+ YOESecurity Engineering