Replit
IT
SecurityEngineer-VulnManagement(Code)
Neural analysis suggests this role is
optimal for Mid candidates.
“Security Engineer - Vuln Management (Code) at Replit. Skills: Application Security, Vulnerability Management, Software Development, DevSecOps. Perform periodic application security scanning activities. Review results and prioritize flaws based on CVSS scores, real-world exploitability, and system exposure”
Industry & Context.
Breaking down complex security challenges into elegant, scalable engineering solutions
In-office requirement of Monday, Wednesday, and Friday
What They're Looking For.
Must Have
5 years of experience in Application Security, DevSecOps, or Software Engineering roles, Solid foundational experience working in a software development capacity, Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go, Familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks, Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx), Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST
Nice to Have
Software development background, Help Replit mature through various SLSA levels for supply chain security
What You'll Do.
Perform periodic application security scanning activities
Review results and prioritize flaws based on CVSS scores
real-world exploitability
and manage vulnerabilities according to strict compliance SLAs (e. g.
Maintain audit-ready evidence of remediation timelines and exception approvals
Escalate and report critical exposures directly to the CISO and senior leadership
Maintain dashboards and alerting mechanisms that visualize vulnerability status
and compliance posture
Ownership of the organization's Software Bill of Materials (SBOM)
Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking
Partner with development teams to provide clear mitigation paths
and patch code directly when necessary to resolve security flaws
Configure and tune automated security testing tools within CI/CD pipelines
Assist Incident Response teams during active breaches or security incidents
Help develop and implement immediate
real-time code or infrastructure countermeasures
How You'll Work.
Team & Collaboration
Bridge the gap between security, compliance, and engineering teams; Partner with development teams to provide clear mitigation paths; Assist Incident Response teams during active breaches or security incidents; Drive technical alignment across the organization through expertise and collaboration
Communication Scope
Executive Reporting & Alerting
Process & Methodology
Lead major technical initiatives and driving outcomes with minimal oversight
Full Job Description
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. ABOUT THE ROLE We are seeking a mid-level AppSec Vulnerability Management Engineer with a strong software development background. In this role, you will bridge the gap between security, compliance, and engineering teams. You will identify application vulnerabilities, maintain software supply chain security, and drive tracking to satisfy strict regulatory compliance frameworks. You will also serve as a technical responder during security incidents, deploying real-time countermeasures to protect our software ecosystem. WHAT YOU'LL DO CORE RESPONSIBILITIES - Vulnerability Scanning & Triage: Perform periodic application security scanning activities. Review results and prioritize flaws based on CVSS scores, real-world exploitability, and system exposure. - Compliance-Driven Tracking: Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS). Maintain audit-ready evidence of remediation timelines and exception approvals. - Executive Reporting & Alerting: Escalate and report critical exposures directly to the CISO and senior leadership. Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture. - Software Supply Chain Security: Ownership of the organization's Software Bill of Materials (SBOM). Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking. Help Replit mature through various SLSA levels for supply chain security. - Remediation Collaboration: Partner with development teams to provide clear mitigation paths. Review, write, and patch code directly when necessary to resolve security flaws. - Tooling Integration: Configure and tune automated securit
Applying for this Security Engineer - Vuln Management (Code) role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about Replit?
Real rants from real employees. Read before you apply.