Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
We are looking for a SOC Engineer to join our Security Operations team and help defend a fast-moving, cloud-native AI vibe-coding platform. In this role, you will stay on top of emerging threatsโfrom 0-days and active exploitation campaigns to bug bounty findings and customer-reported issuesโand rapidly determine their relevance and potential impact to Replit. You will conduct investigations, analyze signals across our environment, and collaborate with Security, SRE, and Engineering teams to develop and drive effective containment and mitigation strategies.
This is a hands-on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP), and the ability to work across multiple teams in a fast-paced environment.
RESPONSIBILITIES
THREAT AWARENESS & RAPID ASSESSMENT
- Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues
- Quickly assess the applicability of these threats to Replitโs cloud infrastructure, SaaS services, internal tooling, and platform components.
INVESTIGATION & IMPACT ANALYSIS
- Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit.
- Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools.
- Identify gaps or weaknesses in existing detection or visibility and propose improvements.
CONTAINMENT, MITIGATION & CROSS-TEAM COLLABORATION
- Research potential impact paths and develop mitigation strategies for confirmed or applicable threats.
- Partner closely with Security, SRE, and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes.
- Document findings, mitigations, and follow-up actions clearly for internal teams.
REQUIRED SKILLS & EXPERIENCE
- Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystemsโenabling effective partnership with Engineering teams.
- Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.
- Solid knowledge of cloud architecture, especially Google Cloud Platform (GCP) services used in modern cloud-native deployments.
- Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.
- Hands-on experience with SIEM, Cloud Logging, and log-based investigation workflows.
- Ability to perform inves