Builds and automates GRC systems for compliance-as-code, manages risk registers, and collaborates with engineering, legal, sales, and auditors to enable secure enterprise growth. Requires 8+ years in GRC/security with cloud fluency and automation experience.
210k – 320k/yr
Hybrid8+ YOESecurity Engineering
About the role
What You'll Do
Technical Excellence & Architecture
Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in security controls.
Own the technical vision for Replit’s GRC program, moving from manual workflows to "Compliance-as-Code" and automated evidence collection.
Champion a culture of security and privacy across the company, educating teams on controls.
Cross-Functional Collaboration
Partner with Architects and Engineering Leads to "bake in" compliance requirements early in design phase.
Work with Legal Counsel on Privacy (GDPR, CCPA) and AI regulations (e.g., EU AI Act).
Enable Sales team by managing Customer Trust Center and handling security questionnaires.
Own relationships with external auditors.
Risk Management & Strategic Compliance
Operate the Cybersecurity Risk Register: identify, quantify, and track risks.
Manage compliance posture across SOC 2, ISO 27001; prepare for FedRAMP, ITAR, PCI, HIPAA.
Apply pragmatic governance, prioritizing real risks over "compliance theater."
Automation & Efficiency
Drive shift to continuous monitoring and automate audit work.
Architect scalable framework for third-party vendor and AI model provider assessments.
Required Skills & Experience
8+ years in GRC or Information Security.
Technical fluency in engineering, cloud (GCP, AWS), and security architecture.
Deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws.
Strong communication to explain risks to technical, legal, and commercial stakeholders.
Experience with GRC automation tools (e.g., Vanta, Drata).
Third Party Risk Management and Customer Trust Lead
ReplitFoster City, CA
Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.
210k – 270k/yr
Hybrid8+ YOESecurity Engineering
Lead Security Engineer
AlembicSan Francisco, CA
Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.
210k – 240k/yr
On-site8+ YOESecurity Engineering
Sr. Engineering Manager, Application Security
BettermentNew York, NY
Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.
210k – 250k/yr
Hybrid7+ YOESecurity Engineering
Senior Software Engineer, Fraud
ReplitFoster City, CA
Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.
210k – 265k/yr
Hybrid4+ YOESecurity Engineering
Senior Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.