Security Engineer - Vuln Management (Infra)
at Replit
Foster City, United States (Remote)
Posted 2 weeks ago
About the Role
We are seeking a mid-level Infrastructure Vulnerability Management Engineer with a strong background in Cloud Security, DevSecOps, and Infrastructure-as-Code (IaC).

Responsibilities
- Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure.
- Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals.
- Executive Reporting & Alerting: Escalate and report critical production exposures directly to the CISO and senior leadership.
- Maintain dashboards and alerting mechanisms that visualize infrastructure risk trends and cloud compliance posture.
- Remediation Collaboration: Partner with SRE, DevOps, and Platform teams to provide clear infrastructure mitigation paths.
- Posture Management & Visibility: Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools to ensure uniform compliance, prevent data leakage, and maintain hardened baselines.

Requirements
- Experience in Cloud Security, DevSecOps, or Systems Engineering roles.
- Cloud Infrastructure Depth: Strong foundational experience working with multi-cloud environments (deep GCP expertise preferred, with working knowledge of AWS or Azure).
- Posture Management & Scanning Tooling: Hands-on experience operating modern infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or cloud-native options (GCP Security Command Center).
- IaC and Automation Fluency: Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows. Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS.
- Containerization & Orchestration: Deep understanding of Docker/container security and Kubernetes architectures (e.g., GKE, EKS), including runtime security, network policies, and workload identity.
- Compliance Awareness: Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST.

What We Value
- Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
- Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.