Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.
210k – 240k/yr
On-site8+ YOESecurity Engineering
About the role
Responsibilities
Design and implement security controls across all environments — network segmentation and firewalling, IDS/IPS, and traffic analysis on our on-prem Kubernetes platform.
Build and enforce host security: EDR, kernel telemetry, hardening, and baseline implementation across the fleet.
Own identity and access — AuthN/AuthZ, RBAC, and service identity — grounded in OIDC, SAML, and mTLS.
Stand up incident-detection pipelines (SIEM, metrics, endpoint telemetry) tuned to surface high-signal threats over noise.
Lead incident response end to end: triage, containment, recovery, root-cause analysis, and forensics.
Keep the focus on enablement over restriction — effective security, not compliance for its own sake — while balancing IP protection, customer-data protection, and broad internal information sharing.
Partner with Legal and the CISO to obtain the compliance certifications we need and to answer customer questions about the security of our systems.
Hire and mentor as the security function grows.
Requirements
8+ years in security engineering, infrastructure, or related roles.
Strong Linux system security and networking (SSH certificates, directory-based authentication).
Real experience securing on-prem environments, not only public cloud.
Proven track record leading real-world incidents, with familiarity with attacker techniques (lateral movement, persistence, exfiltration).
Hands-on depth in EDR, IDS/IPS, and SIEM.
Strong command of OIDC, SAML, mTLS, and cryptography-based storage security.
Comfort writing code, automation, and tooling in Python or similar.
Configuration management via IaC (Terraform, Ansible).
The judgment to distinguish high-signal threats from noise, make pragmatic tradeoffs in a fast-moving company, and communicate effectively with technical stakeholders.
Nice-to-Haves
High-performance or distributed-compute experience (HPC, GPU clusters).
Identity-aware proxies or zero-trust architectures.
Third Party Risk Management and Customer Trust Lead
ReplitFoster City, CA
Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.
210k – 270k/yr
Hybrid8+ YOESecurity Engineering
Sr. Engineering Manager, Application Security
BettermentNew York, NY
Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.
210k – 250k/yr
Hybrid7+ YOESecurity Engineering
Senior Software Engineer, Fraud
ReplitFoster City, CA
Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.
210k – 265k/yr
Hybrid4+ YOESecurity Engineering
Senior Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.
210k – 265k/yr
Hybrid4+ YOESecurity Engineering
Senior Software Engineer, Trust & Safety
ReplitFoster City, CA
Build and operate AI-powered abuse detection and response systems for a developer platform. Focus on LLM guardrails, fraud detection, and automated enforcement across millions of daily actions.