
Security Operations Lead

Job in Foster City, San Mateo County, California, 94420, USA
Listing for: Repl.it
Full Time position
Listed on 2025-12-31
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 220,000 - 325,000 USD Yearly
Job Description & How to Apply Below

Location

Foster City, CA (Hybrid) In office M,W,F

Employment Type

Full time

Department

Operations

Compensation
  • Compensation is determined based on career level, with the base salary for this role ranging from $220K – $325K
    • Offers Equity
    • Offers Bonus
    • Performance based bonus

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.

We are looking for a Security Operations Lead (SOC Lead) to build, mature, and operate our 24/7 detection and response capabilities across a modern cloud-native and AI-driven environment. This role leads the global SOC function—monitoring, SIEM ownership, detection engineering, alert triage, and operational readiness—while also evaluating and integrating emerging AI-based SOC products and autonomous response platforms.

You will oversee monitoring across multi-cloud environments (GCP primary, AWS/Azure secondary), Kubernetes, SaaS services, endpoints, developer tools, and AI workloads. You’ll collaborate closely with Cloud Security, Compliance/GRC, SRE, Platform Engineering, IT/Endpoint teams, and AI Infrastructure to ensure our detection strategy scales and stays ahead of evolving threats.

This is a hands‑on leadership role perfect for someone who wants to shape the SOC of the future while solving complex challenges in a high‑scale AI setting.

What You’ll Do
SOC Leadership & 24/7 Monitoring
  • Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.

  • Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high‑scale environments.

  • Cover monitoring across:

    • Cloud infrastructure (GCP, AWS, Azure)
    • Kubernetes/GKE/EKS/AKS clusters
    • SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.)
    • Endpoints (macOS, Linux, Windows) including EDR/XDR telemetry
    • Developer platforms + CI/CD pipelines
    • AI/ML systems and model‑serving workflows
AI‑Based SOC Integration & Innovation
  • Evaluate, adopt, and integrate AI‑native SOC technologies for triaging, detection, and correlation.

  • Identify opportunities to automate triage, investigations, enrichment, and reporting.

  • Serve as the internal expert on the capabilities and limitations of AI‑based SOC tooling.

SIEM & Telemetry Ownership
  • Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.

  • Expand telemetry across:

    • Cloud logs, API logs, system events
    • SaaS audit logs and admin events
    • Identity providers (Okta, Google, Azure AD)
    • Endpoint EDR/XDR event streams
  • Standardize data schemas and improve detection signal quality across sources.

Detection Engineering
  • Develop high‑fidelity detections for:

    • Cloud‑native attacks
    • Identity threats and lateral movement
    • SaaS misconfigurations and privilege abuse
    • Endpoint malware/behavior anomalies
    • Insider threats and account takeover patterns
  • Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage.

  • Collaborate with Engineering, Cloud Security, and SRE to ensure telemetry supports detection use cases.

Triage, Threat Analysis & Escalation
  • Lead day‑to‑day triage and threat analysis activities, ensuring accurate categorization and prioritization.

  • Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms.

  • Guide root cause analysis and work with owners to drive remediation and architectural improvements.

  • Continuously refine logic, reduce false positives, and improve signal quality.

Cross‑Functional Collaboration
  • Partner with Cloud Security on cloud posture and preventative controls.

  • Work with Compliance/GRC to support SOC 2, ISO 27001, and audit readiness.

  • Collaborate with SRE and Engineering to instrument new services with structured logs and detection hooks.

  • Coordinate with IT / Endpoint teams to ensure full endpoint telemetry and EDR response readiness.

  • Communicate threats, gaps, and trends to leadership and engineering stakeholders.

Required Skills & Experience
  • 7+ years of experience in Security Operations,…
