Skip to content
CrusoeCrusoeSan Francisco, CA

Staff Product Security Engineer

Leads advanced penetration testing, red team operations, and AI/ML security research to secure applications, infrastructure, and distributed AI systems including LLMs and Kubernetes environments. Requires 8-10 years offensive security experience and strong software engineering in Go/Python/Rust.

250k – 285k
On-site8+ YOESecurity Engineering

About the role

What You’ll Be Working On

  • Performing advanced manual penetration testing across complex applications, infrastructure, Kubernetes environments, and distributed microservice ecosystems
  • Leading offensive security initiatives including red team operations, adversary simulation, and security research
  • Securing AI/ML systems end-to-end, including LLM pipelines, vector databases, RAG architectures, and agentic workflows
  • Identifying and researching novel attack surfaces unique to LLMs and autonomous systems, contributing to internal and external AI security research
  • Influencing secure system design across the SDLC, embedding security into CI/CD pipelines, container images, and deployment workflows
  • Integrating and operationalizing security tooling (SAST, DAST, SCA, container scanning) and driving remediation of complex application-layer vulnerabilities
  • Building internal security guardrails such as hardened base images, reusable libraries, and policy-as-code frameworks
  • Developing production-grade security tooling and leading cross-functional security programs from design through deployment

What You’ll Bring to the Team

  • 8-10 years of deep hands-on experience in offensive security, including manual penetration testing, red team operations, and adversary simulation
  • Familiarity with modern C2 frameworks (e.g., Cobalt Strike, Sliver, Havoc), exploit development, and security research
  • Strong expertise across the AI/ML stack, including MLOps, inference architectures, vector databases, RAG, and agentic frameworks (e.g., ReAct, Reflexion)
  • Experience building, deploying, and securing LLM pipelines and AI workflows in Kubernetes and/or bare-metal environments
  • Strong software engineering foundations with experience shipping production code in Go, Python, or Rust
  • Hands-on experience securing Kubernetes, containers, VMs, and CI/CD environments
  • Deep understanding of application security vulnerabilities, secure coding practices, and distributed system design
  • Demonstrated ability to lead complex, cross-functional security initiatives end-to-end
  • Strong communication skills with the ability to influence both engineering teams and executive stakeholders

Bonus Points

  • Public contributions to offensive security or AI security research (talks, blogs, tooling, CVEs, etc.)
  • Experience building internal red team or adversary simulation programs
  • Background in high-performance computing, AI infrastructure, or cloud-native platform security
  • Experience designing policy-as-code frameworks at scale

Benefits

  • Competitive compensation
  • Restricted Stock Units
  • Paid time off & paid holidays
  • Comprehensive health, dental & vision insurance
  • Employer contributions to HSA account
  • Paid parental leave
  • Paid life insurance, short-term and long-term disability
  • Professional development & tuition reimbursement
  • Mental health & wellness support
  • Commuter benefits (parking & transit)
  • Cell phone stipend
  • 401(k) Retirement plan with company match up to 4% of salary

Compensation Range: up to $250,000 - $285,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data.

Skills

KubernetesPenetration TestingRed Team OperationsCobalt StrikeLLMsMLOpsRAGGoPythonRustCI/CDSASTDASTScaPolicy As Code
Replit

Staff Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Trust & Safety

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems at Replit to combat phishing, cryptomining, prompt injection, and other platform abuse at scale. Requires 8+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

250k – 315k
Hybrid8+ YOESecurity Engineering
Fluidstack

Staff Incident Responder

FluidstackSan Francisco, CA +1

Senior-most incident commander building and operating Fluidstack's Detection & Response Engineering program. Defines runbooks, leads material incidents across IT/OT/physical surfaces, and sets standards for agent-first IR at scale.

250k – 350k
On-siteSecurity Engineering
Discord

Staff Software Engineer, Platform Security

DiscordUnited States

Staff Software Engineer leading platform security initiatives, building secure IAM systems, cloud infrastructure baselines, and supply chain security tools. Requires 5+ years in production systems, software development in Python/Rust, and securing large-scale cloud environments.

248k – 279k
Remote5+ YOESecurity Engineering