Security Architecture Lead

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.


ABOUT THE ROLE

We are looking for a Security Architecture Lead to serve as the primary technical authority for Replit’s security blueprint. In this Technical Lead capacity, you will steer the architectural direction for a team of security architects and engineers, ensuring our platform is resilient and secure by design. You will be a "player-coach"—leading high-impact technical initiatives while providing deep subject matter expertise to both the engineering organization and executive leadership.


WHAT YOU'LL DO


TECHNICAL LEADERSHIP & MENTORSHIP

- Architectural North Star: Act as the lead technical voice for security architecture, defining the long-term vision and ensuring consistency across complex infrastructure and product projects.

- Technical Mentorship: Provide high-level guidance and mentorship to security engineers, fostering a culture of technical excellence and rigorous security design without the overhead of administrative management.

- Project Steering: Lead cross-functional squads through complex security implementations, from initial design to final production deployment.


ARCHITECTURE STRATEGY & RISK MANAGEMENT

- Maintain the Source of Truth: Define and maintain (document) the authoritative "Source of Truth" for Replit’s secure architecture, ensuring these patterns are consistently adopted across all engineering teams.

- Secure Bootstrapping & Isolation: Drive the design for secure bootstrapping and multi-layered trust. Enforce isolation principles at every level—from technical containerization and network segmentation to business logic and multi-tenant resource separation.

- Contribution to Risk Register: Actively identify, document, and quantify architectural security risks. You will be responsible for ensuring these are accurately reflected in the Cybersecurity Risk Register, translating technical debt into actionable risk profiles for executive stakeholders.


SECURITY DESIGN & REVIEW

- Deep-Dive Reviews: Oversee and conduct deep-dive security reviews for core product features and infrastructure, identifying potential threats and mitigating risks early in the development lifecycle.

- Availability & Resilience: Own the architectural strategy for Availability, specifically defending against DoS threats to ensure a highly resilient platform.


CROSS-FUNCTIONAL ENABLEMENT

- Compliance & Documentation: Partner with GRC teams to translate complex architectural designs into clear, audit-ready documentation and control frameworks. Evaluate required controls against architecture and assess readiness for future compliance certifications.

- GTM & Sales Support: Act as the technical bridge for the Sales team, addressing complex security inquiries from enterprise cus