# Product Security Architect

**Company:** [Replit](https://hotfix.jobs/companies/replit)
**Location:** Foster City, CA
**Role:** Security Engineering
**Salary:** $250k – $380k/yr
**Experience:** 8+ years
**Skills:** Python, Go, JavaScript, OAuth, OIDC, SAML, Mtls, RBAC, Threat Modeling, Tenant Separation, Byok, API Design, Multi-Tenant Saas
**Posted:** 2026-05-13

> Defines and implements secure architecture for multi-tenant SaaS platform, leads threat modeling, mentors engineering teams on security best practices, and conducts code reviews. Requires 8+ years in product security with expertise in auth protocols and SaaS security.

## Job Description

## What You'll Do

### Product Security Strategy & Mentorship
- Serve as the primary security mentor and subject matter expert for engineering teams, fostering a culture of technical excellence and rigorous security design.
- Define the product security vision, ensuring consistency across complex application architecture projects.
- Lead the security implementation of new product features from initial design to final production deployment.
- Conduct proactive threat modeling for new product features and major architectural changes.
- Define and enforce best practices around application security, including audit/application logging, configuration, tenant separation, encryption, customer BYOK, RBAC design, API design, and Session/cookie/token management.
- Define and implement secure Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) for multi-tenant SaaS products.
- Assess and mitigate risks associated with application third-party integrations such as payment, AI models, code repositories, etc.
- Apply a strong programming background (**Python/Go/JavaScript**) to perform hands-on code reviews when needed to validate security controls.

### Risk Management & Cross-Functional Enablement
- Define and maintain (document) the authoritative "Source of Truth" for Replit’s secure architecture, ensuring these patterns are consistently adopted across all engineering teams.
- Actively identify, document, and quantify architectural security risks. Responsible for ensuring these are accurately reflected in the Cybersecurity Risk Register.
- Support other security teams like GRC, Pentesting, Vulnerability Management, and PSIRT.
- Partner with GRC teams to translate complex architectural designs into clear, audit-ready documentation and control frameworks.
- Act as the technical bridge for the Sales team, addressing complex security inquiries from enterprise customers regarding Replit's architectural integrity.

## Required Skills & Experience
- 8+ years of experience in product security engineering or architecture, specifically with Multi-tenant SaaS products.
- Experience with AI Agent-based SaaS products is a plus.
- Deep expertise in common product security practices (e.g., tenant separation, **RBAC**, **BYOK**, secure API design, session/token management).
- Expertise in Authentication/Authorization protocols (**mTLS/OIDC/OAuth/SAML**) in a multi-tenant SaaS environment.
- Strong programming background (**Python/Go/JavaScript**) with proven ability to conduct code review.
- Experience writing and maintaining Architecture documents.
- Exceptional ability to communicate technical risk to both engineering and executive audiences.
- Strong track record of contributing to Cybersecurity Risk Register.

## What We Value
- Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
- Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
- Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.
- Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

## Similar roles

- [Senior Manager, Enterprise Security](https://hotfix.jobs/jobs/7138cee3-79a4-4d53-96fd-ae5b31046ab1) - Abridge - San Francisco, CA - $240k – $299k/yr
- [Security Engineer](https://hotfix.jobs/jobs/8152ef3a-1ca1-4080-b871-79761cccbf27) - Cognition - San Francisco, CA - $260k – $300k/yr
- [Sr. Manager, Security Engineering](https://hotfix.jobs/jobs/069e792c-a9a5-436e-9e3c-b60b7961dc12) - Material Security - Remote - $240k – $280k/yr
- [Lead Security Engineer](https://hotfix.jobs/jobs/0de74172-23b4-4559-a2bd-d55708141fe4) - Hinge Health - San Francisco, CA - $239k – $263k/yr
- [Systems Software Engineer, Security, First Party Hardware](https://hotfix.jobs/jobs/5aa1f4d4-0fc1-457f-b101-6b328345a43a) - OpenAI - San Francisco, CA - $266k – $445k/yr

**Apply:** https://hotfix.jobs/jobs/fc2c8fc8-cafc-4107-abb9-294585a9ee20
**Canonical:** https://hotfix.jobs/jobs/fc2c8fc8-cafc-4107-abb9-294585a9ee20