Engineering Manager, Anti-Abuse & Security

Hands-on Engineering Manager to build Replit's Anti-Abuse team from scratch. Define threat models, ship detection and verification systems, hire a small team, and partner cross-functionally to make abuse economically unviable.

210k – 275k | Foster City, CA | Security Engineering | Hybrid | 6+ YOE

About the role

What You'll Do

  • Build the anti-abuse roadmap from scratch: Define the threat model, prioritize across abuse vectors (phishing/scam hosting, cryptomining, token farming, payment fraud, AI agent exploitation), and translate it into a shipping plan with clear sequencing and tradeoffs.
  • Design progressive verification and identity infrastructure: Build the "ladder of trust" that gates increasing platform capabilities behind escalating verification. Includes a humanity/identity layer distinct from user accounts, integrations with KYC-grade verification providers, and the policy engine that decides what level of trust unlocks what behavior.
  • Ship as a hands-on EM: Stay in the code. Use the latest AI coding tools (including Replit Agent) to prototype detections, build internal tooling, and unblock your team.
  • Define the metrics that matter: Establish the measurement foundation for anti-abuse (abuse rate, fraud loss, false positive rate, time-to-detect, time-to-mitigate, verification step-up conversion) and build the data pipelines and dashboards to track them.
  • Hire and grow a small, high-leverage team: Start with a couple of software engineers and data analysts and scale from there. Hire for ownership, adversarial thinking, and AI-native execution.
  • Operate cross-functionally: Partner with Support on abuse escalations and triage workflows, with Legal on compliance and takedown processes, with Security on overlapping threat surfaces, with Infrastructure on detection and enforcement primitives, and with the Money and Growth teams on the fraud-vs-conversion tradeoffs.
  • Make abuse economically unviable: Design adaptive friction systems that escalate verification only when risk signals warrant it.

What You'll Bring

  • 6 to 10+ years of engineering experience with 2+ years managing teams, ideally in anti-abuse, trust and safety engineering, fraud, or an adjacent adversarial domain.
  • A hands-on orientation: you still write code, review PRs, and prototype. Comfort using AI coding tools (Claude Code, Cursor, Replit Agent, or similar) as part of your daily workflow.
  • Experience building detection and enforcement systems at scale: rules engines, ML-based risk scoring, reputation systems, identity and device signals, or similar.
  • Experience with identity, KYC, or progressive verification systems is a significant plus.
  • Strong product and metrics intuition. You've defined success metrics for ambiguous problems and built the data infrastructure to measure them.
  • Experience operating cross-functionally with Support, Legal, Security, and Growth teams.
  • Crisp written communication and the ability to build clarity in an ambiguous, 0-to-1 environment.

Nice to Have

  • Experience with AI-native abuse vectors (prompt injection, LLM token farming, agent-driven abuse) or a track record of adapting quickly to novel threat categories.
  • Familiarity with payment fraud, card testing, coupon abuse, referral abuse, or promotional abuse.
  • Experience integrating KYC and identity verification providers (Prove, Persona, Socure, Stripe Identity, or similar).
  • Experience at a consumer platform, developer tool, or cloud provider with meaningful abuse surface area.
  • Background in security, trust and safety, or fraud prevention at a hypergrowth company.

Skills

Anti-Abuse Systems | Trust and Safety Engineering | Fraud Detection | Risk Scoring | Rules Engines | KYC / Identity Verification | Progressive Verification | Metrics and Data Pipelines | Cross-Functional Collaboration | AI Coding Tools

Sr. Engineering Manager, Application Security

Senior Engineering Manager leading the Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.

210k – 250k | New York, NY | Security Engineering | Hybrid | 7+ YOE | AWS | CI/CD

Senior Software Engineer, Fraud

Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.

210k – 265k | Foster City, CA | Security Engineering | Hybrid | 4+ YOE | SQL | GCP

Senior Software Engineer, Risk

Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

210k – 265k | Foster City, CA | Security Engineering | Hybrid | 4+ YOE | SQL | GCP

Senior Software Engineer, Trust & Safety

Build and operate AI-powered abuse detection and response systems for a developer platform. Focus on LLM guardrails, fraud detection, and automated enforcement across millions of daily actions.

210k – 265k | Foster City, CA | Security Engineering | Hybrid | 4+ YOE | SQL | GCP

GRC Engineer

Builds and automates GRC systems for compliance-as-code, manages risk registers, and collaborates with engineering, legal, sales, and auditors to enable secure enterprise growth. Requires 8+ years in GRC/security with cloud fluency and automation experience.

210k – 320k | Foster City, CA | Security Engineering | Hybrid | 8+ YOE | GCP | AWS