Offensive Security Engineer

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

ABOUT THE ROLE

We are looking for a senior-level Offensive Security Engineer to serve as a high-impact "adversary-in-residence" for Replit’s cloud-native platform. At Replit, security isn't just about perimeter defense; it’s about the integrity of the code that powers millions of environments.

In this role, you will lead advanced "whitebox" penetration testing engagements—diving deep into our source code to identify systemic weaknesses, logic flaws, and architectural gaps. You will simulate sophisticated adversary tactics across our web applications, APIs, and containerized infrastructure, ensuring that our AI-integrated development environment remains the most secure place for the world’s software to live.

WHAT YOU'LL DO

- Lead Whitebox Penetration Testing: Execute end-to-end testing with full access to source code. You will perform manual code-level inspections to uncover complex logic flaws and authorization bypasses that automated tools miss.

- Simulate Adversarial Attacks: Conduct Red and Purple team engagements across our cloud-native stack (K8s, Docker), simulating how a sophisticated actor might move from a code-level exploit to infrastructure-wide impact.

- Secure AI-Enabled Systems: Perform offensive testing on LLM-backed applications and agentic AI workflows, focusing on prompt injection, data leakage, and abuse of AI-driven components.

- Vulnerability Research & Chaining: Identify, exploit, and demonstrate realistic business risk by chaining vulnerabilities—from the application layer down through our internal trust boundaries.

- Build Offensive Tooling: Contribute to internal security frameworks and build AI-assisted testing tools to automate the discovery of common bug classes while ma...