Security Engineer - Vuln Management (Code)
at Replit
Foster City, United States (Remote)
Posted 3 weeks ago
Responsibilities
- Review results and prioritize flaws based on CVSS scores, real-world exploitability, and system exposure.
- Compliance-Driven Tracking: Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS).
- Maintain audit-ready evidence of remediation timelines and exception approvals.
- Executive Reporting & Alerting: Escalate and report critical exposures directly to the CISO and senior leadership.
- Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture.
- Software Supply Chain Security: Ownership of the organization's Software Bill of Materials (SBOM).
- Review, write, and patch code directly when necessary to resolve security flaws.
- Tooling Integration: Configure and tune automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.
- Incident Response Support: Assist Incident Response teams during active breaches or security incidents.
Requirements
- experience in Application Security, DevSecOps, or Software Engineering roles.
- Development Background: Solid foundational experience working in a software development capacity.
- Code Literacy: Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.
- Build System Expertise: Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.
- AppSec Tooling Expertise: Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).
- Compliance Awareness: Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.
What We Value
- Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
- Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
Benefits
Benefits include:
- Competitive Salary & Equity
- 401(k) Program with a 4% match (US Only)
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Flexible Time Off (FTO) + Holidays
- Commuter