Replit
Engineering
StaffSoftwareEngineer,Risk
Neural analysis suggests this role is
optimal for Senior candidates.
“Staff Software Engineer, Risk at Replit. Skills: LLM guardrails, AI-powered detection, Abuse detection systems, Automated response mechanisms. Design LLM guardrails. Build AI-powered detection systems”
What You'll Achieve.
Stay ahead of attackers; Ship systems that stop abuse at scale; Enforce platform policies without manual intervention; Measure detection effectiveness; Adapt defenses as attack patterns evolve
Industry & Context.
Investigate complex abuse patterns; Translate findings into automated defenses; Constantly adapting to adversarial behavior
In-office requirement of Monday, Wednesday, and Friday
What They're Looking For.
Must Have
8+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection, programming skills in Python and/or TypeScript for building detection systems and automation, Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar), Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection, Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors, Ability to investigate complex abuse patterns and translate findings into automated defenses, Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse
Nice to Have
Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools), Background in fraud detection, payment abuse, or financial crime, Familiarity with device fingerprinting, IP reputation, and email validation services, Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk), Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred), Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems
What You'll Do.
Design LLM guardrails
Build AI-powered detection systems
Build abuse detection systems
Design automated response mechanisms
Own abuse response lifecycle
Analyze attack patterns
Maintain internal detection tools
Integrate security scanners
How You'll Work.
Team & Collaboration
Working across Security, Support, Legal, and Engineering teams; Partnering closely with Support, Legal, and cross-functional teams
Communication Scope
Clear communication skills
Full Job Description
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. ABOUT THE ROLE The Risk team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them. What makes this role unique is the AI-native nature of Replit's platform. You'll work on problems that barely exist elsewhere: building guardrails for AI-generated code, detecting prompt injection attacks at scale, and using LLMs as a defensive tool against abuse. If you want hands-on experience applying AI to security problems, this is one of the few places you can do it in production with real attackers. You'll own problems end-to-end, from identifying emerging abuse patterns to shipping the systems that stop them at scale. IN THIS ROLE YOU WILL… - Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions - Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions - Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions - Design automated response mechanisms that enforce platform policies without manual intervention - Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal - Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules - Maintain and extend int
Applying for this Staff Software Engineer, Risk role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about Replit?
Real rants from real employees. Read before you apply.