Replit

Offensive Security Engineer

Foster City, CA

Found: June 17, 2026

⚠️ This job posting is no longer active and may not be accepting applications. Browse similar live jobs below, or see all current Replit jobs.

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

About the role

We are looking for a senior-level Offensive Security Engineer to serve as a high-impact "adversary-in-residence" for Replit’s cloud-native platform. At Replit, security isn't just about perimeter defense; it’s about the integrity of the code that powers millions of environments.

In this role, you will lead advanced "whitebox" penetration testing engagements—diving deep into our source code to identify systemic weaknesses, logic flaws, and architectural gaps. You will simulate sophisticated adversary tactics across our web applications, APIs, and containerized infrastructure, ensuring that our AI-integrated development environment remains the most secure place for the world’s software to live.

What You'll Do

  • Lead Whitebox Penetration Testing: Execute end-to-end testing with full access to source code. You will perform manual code-level inspections to uncover complex logic flaws and authorization bypasses that automated tools miss.
  • Simulate Adversarial Attacks: Conduct Red and Purple team engagements across our cloud-native stack (K8s, Docker), simulating how a sophisticated actor might move from a code-level exploit to infrastructure-wide impact.
  • Secure AI-Enabled Systems: Perform offensive testing on LLM-backed applications and agentic AI workflows, focusing on prompt injection, data leakage, and abuse of AI-driven components.
  • Vulnerability Research & Chaining: Identify, exploit, and demonstrate realistic business risk by chaining vulnerabilities—from the application layer down through our internal trust boundaries.
  • Build Offensive Tooling: Contribute to internal security frameworks and build AI-assisted testing tools to automate the discovery of common bug classes while maintaining deep manual testing depth.
  • Partner with Engineering: Work closely with product teams and security architects to explain root causes, influence design guardrails, and triage high-priority findings from our Bug Bounty (HackerOne) program.

Required Skills & Experience

  • Experience: 7+ years of hands-on experience in penetration testing, offensive security, or vulnerability research.
  • Code Fluency: You are a practitioner of whitebox testing. You can navigate large codebases and have a deep understanding of modern application architectures and secure coding pitfalls.
  • Cloud-Native Context: You are comfortable in a cloud-native environment. While your focus is the code, you understand how it interacts with Kubernetes, Docker, and hybrid cloud infrastructure.
  • Engineering Skills: Strong proficiency in Go, Python, or TypeScript. You should be capable of writing custom scripts, payloads, and proof-of-concept exploits.
  • Adversarial Mindset: You enjoy the "hunt" and have a proven track record of manual exploitation beyond automated scanners.
  • Communicator: You can translate a complex code-level exploit into a clear narrative that helps engineering teams understand risk and prioritize fixes.

Bonus Qualifications

  • Public recognition on platforms like HackerOne or Bugcrowd.
  • Experience building or extending AI-based security testing tools.
  • Background in incident response or detection engineering from the defensive side.
  • Published CVEs or security research in the cloud-native or AI space.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Get jobs like this in your inbox daily

Fresh FAANG jobs, every day, filtered for your role and location.

Apple Google Amazon Meta OpenAI Microsoft Nvidia Stripe TikTok Netflix Uber Airbnb Booking Spotify Canva Pinterest
or use email

Similar Big Tech Jobs - Posted in the Past 24h

🔍 Google

Security Engineer, Google Distributed Cloud Air-Gapped Compliance

place Sunnyvale, CA, USA ; Kirkland, WA, USA ; +1 more
🔍 Google

Senior Security Engineer, Agentic Red Team, DeepMind

place Mountain View, CA, USA ; New York, NY, USA ; +1 more
Stanislav Prigodich

Hey, I'm Stan

Software Developer & Creator of Top Jobs Today

I'm a software developer, and over time I realized I cared mostly about roles at big tech companies - not just whatever happened to show up on LinkedIn or generic job boards. But those sources weren't enough - some roles were delayed, or never posted at all.

So I built this website to solve that. It scrapes fresh job postings directly from official company sites, figures out what kind of roles they really are, and sends them as email alerts - simple, fast, and focused.

Hope it makes your search easier too. Wishing you the best of luck - and I'm really glad you're here!