We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit's cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services,from intake to validation, remediation coordination, and public disclosure.
\nThis role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.
\nResponsibilities
\nVulnerability Intake, Triage & Validation
\nManage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
\nIndependently validate, reproduce, severity-score, and document findings.
\nIdentify duplicates and maintain a clean vulnerability records pipeline.
\nAssess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC).
\nRemediation Coordination & SLA Management
\nWork with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
\nProvide detailed reproduction steps, proof-of-concepts, and technical analyses.
\nTrack SLAs, remediation progress, regression testing, and systemic improvements.
\nSupport SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
\nBug Bounty & Vulnerability Disclosure Program Management
\nDesign and evolve the bug bounty program, including scope, rules, and reward structures.
\nManage platform selection, private vs. public launches, and community engagement.
\nCommunicate clearly with researchers, provide clarifications, and handle feedback or disputes.
\nDetermine reward payouts, bonus decisions, and recognition for top contributors.
\nCoordinated Disclosure & CVE Management
\nLead the coordinated vulnerability disclosure process for internal and external findings.
\nNegotiate disclosure timelines with researchers and partners.
\nCoordinate CVE assignments and publications, and prepare customer/public advisories.
\nRequirements
\nNice to Have
\nBenefits
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_2aba3f7c-c5d","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Replit","sameAs":"https://replit.com/","logo":"https://logos.yubhub.co/replit.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/replit/1634b879-80c7-4064-be0a-8a4aecc81923","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"Full time","x-salary-range":"$180K - $325K","x-skills-required":["Experience running or triaging for bug bounty programs","Strong ability to triage, validate, and reproduce vulnerabilities independently","Deep understanding of web/app/cloud vulnerability classes","Familiarity with cloud platforms and SaaS architectures","Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals"],"x-skills-preferred":["Scripting or automation experience","Pentesting background or exposure to offensive security work","Familiarity with compliance frameworks such as SOC 2 and ISO 27001","Experience authoring public advisories or CVE writeups","Hands-on experience with SIEM, Cloud Logging, and investigative tooling"],"datePosted":"2026-04-24T13:13:19.017Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Foster City, CA (Hybrid) In office M,W,F"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Experience running or triaging for bug bounty programs, Strong ability to triage, validate, and reproduce vulnerabilities independently, Deep understanding of web/app/cloud vulnerability classes, Familiarity with cloud platforms and SaaS architectures, Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals, Scripting or automation experience, Pentesting background or exposure to offensive security work, Familiarity with compliance frameworks such as SOC 2 and ISO 27001, Experience authoring public advisories or CVE writeups, Hands-on experience with SIEM, Cloud Logging, and investigative tooling","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":180000,"maxValue":325000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_ff7ad91c-289"},"title":"Program Operations Manager, Human Data","description":"We're looking for a Program Operations Manager to build and run the operational backbone of our Human Data program. You'll own the systems that keep a large, distributed group of external experts productive: onboarding, access and tooling, communications, data integrity across our vendor partner, and the reporting layer that shows how the program is performing.
\nAs a Program Operations Manager, you'll be responsible for running onboarding end-to-end, owning access provisioning, maintaining program data integrity, building program reporting, and partnering across the organization. You'll work closely with research teams, IT, and our vendor partner to resolve access issues and keep experts unblocked.
\nYou'll be the primary point of contact for a large, distributed population, answering questions directly rather than routing them. You'll exercise strong judgment about prioritization when the volume of work exceeds the time available, and know when to escalate versus resolve independently.
\nYou'll write clearly and concisely, as most of this job happens over Slack and email, and clarity compounds across hundreds of interactions. You'll be comfortable executing at high volume in a program that's still being shaped, handling edge cases well and surfacing what you learn.
\nYou'll use AI tools as a core part of how you work, drafting communications, cleaning data, building lightweight automations, and be comfortable with spreadsheets when that's the right tool.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_ff7ad91c-289","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://www.anthropic.com","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/5194302008","x-work-arrangement":"hybrid","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":"$270,000-$290,000 USD","x-skills-required":["program operations","research operations","recruiting coordination","vendor management","AI tools"],"x-skills-preferred":["light scripting or automation experience","background in external workforce, vendor, or recruiting operations"],"datePosted":"2026-04-24T13:10:22.234Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco, CA | New York City, NY"}},"employmentType":"FULL_TIME","occupationalCategory":"Operations","industry":"Technology","skills":"program operations, research operations, recruiting coordination, vendor management, AI tools, light scripting or automation experience, background in external workforce, vendor, or recruiting operations","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":270000,"maxValue":290000,"unitText":"YEAR"}}}]}