Senior-most incident commander building and operating Fluidstack's Detection & Response Engineering program. Defines runbooks, leads material incidents across IT/OT/physical surfaces, and sets standards for agent-first IR at scale.
250k – 350k
On-siteSecurity Engineering
About the role
What you’ll do
Run material incidents as incident commander, coordinating across detection, response, physical security, data center operations, legal, communications, and customers.
Build the IR program: runbook standards, severity definitions, materiality methodology, evidence contracts, and post-incident review cadence.
Define the agent-human contract for response: escalation criteria, evidence packages required from agents, and human verdict feedback into agent quality.
Design and operate the senior-IR on-call rotation (ack SLAs, escalation chain, fan-out logic) and remain an active senior IC inside it.
Analyze incident trends and patterns to surface systemic risks and recurring root causes, and turn the learnings into runbook, detection, or program improvements.
Drive cross-functional follow-through after every significant incident, tracking remediation and systemic fixes to completion across detection, response, infrastructure, and other teams.
Define and track the IR program’s KPIs and report on them to security and engineering leadership.
Set the tabletop and exercise cadence for IR readiness, executive crisis-comms, and audit-readiness drills.
Carry the external face of IR for regulatory and customer disclosure obligations, and audit responses.
About You
You have run material incidents at companies with sophisticated threat models, as the most senior commander on the call.
You have made disclosure-grade calls under regulatory and customer reporting clocks.
You have written runbooks that other engineers followed under pressure, and rewritten them after they did not work.
You have built operational processes from the ground up in environments where structure did not previously exist.
You read the agent-first thesis as one of the most interesting design choices in incident response today.
You have well-founded opinions on what makes a runbook actually used or an incident response process actually effective.
You move fluently between technical containment and executive, legal, or customer-facing conversations during a declared incident.
You see what is needed, scope it yourself, and run with it.
Strong Candidates May Also Have
Experience running incidents that bridge cyber, physical, and OT or ICS surfaces.
Experience at critical-infrastructure operators, data centers, or industrial environments.
Experience designing or operating agent-augmented incident response, including triage, investigation, or response automation.
Experience tuning LLM-based IR systems against measured precision and recall.
Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Software Engineer, Trust & Safety
ReplitFoster City, CA
Build and operate AI-powered abuse detection systems at Replit to combat phishing, cryptomining, prompt injection, and other platform abuse at scale. Requires 8+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Product Security Engineer
CrusoeSan Francisco, CA
Leads advanced penetration testing, red team operations, and AI/ML security research to secure applications, infrastructure, and distributed AI systems including LLMs and Kubernetes environments. Requires 8-10 years offensive security experience and strong software engineering in Go/Python/Rust.
250k – 285k
On-site8+ YOESecurity Engineering
Staff Software Engineer, Platform Security
DiscordUnited States
Staff Software Engineer leading platform security initiatives, building secure IAM systems, cloud infrastructure baselines, and supply chain security tools. Requires 5+ years in production systems, software development in Python/Rust, and securing large-scale cloud environments.