SOC Engineer

Location

Foster City, CA (Hybrid) In office M,W,F

Full time

Engineering

• Compensation is determined based on career level, with the base salary for this role ranging from $180K – $250K
  • Offers Equity
  • Offers Bonus
  • Performance based bonus

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.

We are looking for a SOC Engineer to join our Security Operations team and help defend a fast-moving, cloud-native AI vibe-coding platform. In this role, you will stay on top of emerging threats—from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues—and rapidly determine their relevance and potential impact to Replit. You will conduct investigations, analyze signals across our environment, and collaborate with Security, SRE, and Engineering teams to develop and drive effective containment and mitigation strategies.

This is a hands‑on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP
), and the ability to work across multiple teams in a fast‑paced environment.

• Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues
• Quickly assess the applicability of these threats to Replit’s cloud infrastructure, SaaS services, internal tooling, and platform components

• Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit
• Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools
• Identify gaps or weaknesses in existing detection or visibility and propose improvements

• Research potential impact paths and develop mitigation strategies for confirmed or applicable threats
• Partner closely with Security
  , SRE
  , and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes
• Document findings, mitigations, and follow-up actions clearly for internal teams

• Strong understanding of software engineering fundamentals
  , including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineeringli>
• Understanding of CI/CD pipelines and Dev Ops workflows, enabling collaboration with Infrastructure and Dev Ops teams
• Solid knowledge of cloud architecture
  , especially Google Cloud Platform (GCP) services used in modern cloud-native deployments
• Familiarity with SaaS architectures
  , identity systems, and integration patterns for effective collaboration with Cloud Security teams
• Hands‑on experience with SIEM
  , Cloud Logging
  , and log-based investigation workflows
• Ability to perform investigations using log data, behavioral indicators, and threat intelligence
• General understanding of vulnerability life cycles, exploitability analysis, and common attack vectors

• Experience with threat intelligence, security research, or vulnerability analysis
• Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems
• Ability to write scripts or small tools for investigation or automation (Python, Go, Bash)
• Experience working with bug bounty programs or coordinated vulnerability disclosure workflows
• Experience in fast‑paced, cloud-native, or AI/ML‑driven environments

• Curiosity & initiative: Strong desire to understand attacker behaviors, emerging threats, and how they apply to real-world systems
• Speed & analytical rigor: Ability to quickly assess high‑risk vulnerabilities with clear, evidence‑based reasoning
• Collaboration: Comfort working across cross‑functional teams spanning Security, SRE,…