Responsibilities

• Monitor and analyse security alerts and logs to identify potential threats and anomalies
• Develop, implement, and maintain detection rules and correlation logic in our SIEM platform
• Conduct thorough investigations of security incidents, performing root cause analysis and impact assessments
• Lead incident response efforts, coordinating with relevant teams to contain and mitigate threats
• Create and maintain incident response playbooks and runbooks
• Perform regular threat hunting activities to proactively identify potential security risks
• Develop and refine metrics and reporting to track the effectiveness of detection and response capabilities
• Collaborate with other security teams to improve overall security posture and incident handling processes
• Stay current with emerging threats, attack techniques, and defensive strategies in the cloud-native and AI domains

Basic Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 3-5 years of experience in security operations, incident response, or a similar role
• Strong understanding of cybersecurity principles, attack techniques, and defensive strategies
• Proficiency in at least one scripting language (e.g., Python, Rust) for automation and tool development
• Experience with SIEM platforms and log analysis tools
• Familiarity with cloud environments (e.g., AWS, GCP, Azure) and their security features
• Knowledge of network protocols, system administration, and common attack vectors
• Strong analytical and problem-solving skills with attention to detail
• Excellent communication skills and ability to work effectively under pressure

Preferred Skills and Experience

• Relevant security certifications (e.g., GCIH, GCIA, SANS)
• Experience with threat intelligence platforms and their integration into detection processes
• Familiarity with AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
• Knowledge of software supply chain security and SBOM analysis
• Experience with containerized environments and Kubernetes security
• Experience in building custom security tools or integrations to enhance detection and response capabilities
• Interest in leveraging AI to improve threat detection and automate response processes
• Contributions to open-source security projects or threat research
• Experience with digital forensics and malware analysis

Compensation and Benefits

$200,000 - $340,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

This role is highly hands-on and systems-oriented, sitting at the intersection of security, infrastructure, and distributed systems.

Your primary responsibilities will be to:

• Build and harden infrastructure security by designing and implementing security controls across cloud infrastructure, Kubernetes and containerized workloads, networking, service meshes, and edge systems, CI/CD pipelines and deployment systems, and secure compute environments for GPU workloads and model execution.
• Implement identity, secrets, and access controls, including machine identity and workload authentication, secrets management and encryption, least-privilege access, and short-lived credentials.
• Protect model weights, inference endpoints, and customer data, design secure data access pathways and isolation mechanisms, and ensure safe multi-tenant execution environments.
• Automate security guardrails directly into infrastructure and CI/CD, use Infrastructure-as-Code to enforce secure defaults, and continuously identify and remediate security gaps through automation.
• Identify and mitigate risks across infrastructure layers, defend against both external attackers and insider threats, and drive projects like network isolation, encryption, and secure service communication.

To succeed in this role, you'll need to have:

• 8+ years in security engineering, infrastructure, or SRE.
• Strong understanding of cloud security, networking fundamentals, Linux systems, and container security.
• Experience building or securing production infrastructure at scale.
• Deep knowledge of authentication and authorization systems, secrets management and cryptography basics, common vulnerabilities and attack vectors, and ability to design security controls across multiple layers.
• Proficiency in at least one language, experience with Infrastructure-as-Code, and strong automation mindset.

Nice to have experience with GPU infrastructure, multi-tenant platform isolation, service mesh architectures, and high-growth startup environments.

What makes this role unique is that you'll work on cutting-edge AI infrastructure security, secure GPU clusters, model execution, and real-time inference systems, have high ownership, and direct impact on developer trust and platform reliability.

Our security philosophy is to enable developers, automate everything, assume breach, and design for resilience.

In terms of compensation and benefits, we offer competitive salary, equity, full health, dental, and vision coverage, and opportunity to work on frontier AI infrastructure.

XML job scraping automation by YubHub

Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling, and two years ago we split out as a separate business. Starling has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up.

This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features, and efficient back-office processes that has helped achieve Starling's success.

As a company, everyone is expected to roll up their sleeves to help deliver great outcomes for our clients. We are an engineering led company and we’re looking for people who are will be excited by the potential for Engine’s technology to transform banking in different markets around the world.

Our purpose is underpinned by five values: Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness.

Hybrid Working We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person.

About the Role To support our growth, we are looking for talented and motivated SOC engineers to join our foundational in-house SOC team.

In this pivotal role, you will be instrumental in supporting the development, implementation, and operating of our security monitoring, detection, and response capabilities, with a particular focus on our cloud environments.

You'll be at the forefront of responding to incidents and alerts, and helping shape the future of our security operations capabilities.

What you'll get to do:

Security Monitoring & Alert Triage: Monitor security alerts and events generated by various security tools, perform triage and analysis of security incidents and anomalies, distinguishing between true positives and false positives.

Prioritise alerts based on severity, potential impact, and business criticality.

Incident Detection & Response: Investigate security incidents thoroughly, leveraging logs from platforms, endpoints, applications, and other security tools.

Create and follow incident response playbooks and contribute to their continuous improvement.

Collaborate with Technology, Product and Engineering Teams to contain, eradicate, and recover from security incidents.

Document incident details, findings, and remediation steps accurately and comprehensively.

Additionally:

Stay informed about the latest cyber threats, attack techniques, and vulnerabilities, especially those targeting cloud environments.

Participate in proactive threat hunting activities using available tools and data sources.

Contribute to the optimisation, tuning, and maintenance of SOC tools.

Identify opportunities for automation to streamline security operations and enhance detection capabilities.

Maintain detailed records of security incidents, investigations, and remediation actions.

Requirements:

3+ years of hands-on experience in a Security Operations Center (SOC) or similar cybersecurity role.

Demonstrable experience with cloud security monitoring and incident response.

Familiarity with various attack vectors, threat intelligence frameworks (e.g., MITRE ATT&CK).

A cyber/information security related degree and/or relevant cybersecurity qualifications would be beneficial e.g. CompTIA Security+, (ISC)² SSCP or CySA+

XML job scraping automation by YubHub

This is a hands-on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP), and the ability to work across multiple teams in a fast-paced environment.

Responsibilities

Threat Awareness & Rapid Assessment

• Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues

• Quickly assess the applicability of these threats to Replit’s cloud infrastructure, SaaS services, internal tooling, and platform components.

Investigation & Impact Analysis

• Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit.

• Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools.

• Identify gaps or weaknesses in existing detection or visibility and propose improvements.

Containment, Mitigation & Cross-Team Collaboration

• Research potential impact paths and develop mitigation strategies for confirmed or applicable threats.

• Partner closely with Security, SRE, and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes.

• Document findings, mitigations, and follow-up actions clearly for internal teams.

Required Skills & Experience

• Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineering teams.

• Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.

• Solid knowledge of cloud architecture, especially Google Cloud Platform (GCP) services used in modern cloud-native deployments.

• Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.

• Hands-on experience with SIEM, Cloud Logging, and log-based investigation workflows.

• Ability to perform investigations using log data, behavioral indicators, and threat intelligence.

• General understanding of vulnerability lifecycles, exploitability analysis, and common attack vectors.

Preferred Qualifications

• Experience with threat intelligence, security research, or vulnerability analysis.

• Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems.

• Ability to write scripts or small tools for investigation or automation (Python, Go, Bash).

• Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.

• Experience in fast-paced, cloud-native, or AI/ML-driven environments.

What We Value

• Curiosity & initiative: Strong desire to understand attacker behaviors, emerging threats, and how they apply to real-world systems.

• Speed & analytical rigor: Ability to quickly assess high-risk vulnerabilities with clear, evidence-based reasoning.

• Collaboration: Comfort working across cross-functional teams spanning Security, SRE, Engineering, and Infrastructure.

• Clear communication: Ability to explain findings, risks, and mitigation strategies to stakeholders at all levels.

• Ownership mindset: Takes initiative to drive investigations, improvements, and remediations to completion

• Continuous learning: Passion for staying up to date on new vulnerabilities, exploit trends, and cloud-native security best practices.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🚗 Commuter Benefits

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement

🏝 Flexible Time Off (FTO) + Holidays

🚀 Quarterly Team Gatherings

☕ In Office Amenities

Want to learn more about what we are up to?

• Meet the Replit Agent

• Replit: Make an app for that

• Replit Blog

• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles

• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially

XML job scraping automation by YubHub