CrawlJobs Logo

Product Security Engineer

replit.com Logo

Replit

Location Icon

Location:
United States , Foster City

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

180000.00 - 325000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit’s cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services—from intake to validation, remediation coordination, and public disclosure. This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.

Job Responsibility:

  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
  • Independently validate, reproduce, severity-score, and document findings
  • Identify duplicates and maintain a clean vulnerability records pipeline
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC)
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses
  • Track SLAs, remediation progress, regression testing, and systemic improvements
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
  • Design and evolve the bug bounty program, including scope, rules, and reward structures
  • Manage platform selection, private vs. public launches, and community engagement
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes
  • Determine reward payouts, bonus decisions, and recognition for top contributors
  • Lead the coordinated vulnerability disclosure process for internal and external findings
  • Negotiate disclosure timelines with researchers and partners
  • Coordinate CVE assignments and publications, and prepare customer/public advisories

Requirements:

  • Experience running or triaging for bug bounty programs (HackerOne ideally)
  • Strong ability to triage, validate, and reproduce vulnerabilities independently
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals

Nice to have:

  • Scripting or automation experience (Python, Go, Bash)
  • Pentesting background or exposure to offensive security work
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001
  • Experience authoring public advisories or CVE writeups
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling
What we offer:
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities

Additional Information:

Job Posted:
February 18, 2026

Employment Type:
Fulltime
Work Type:
On-site work
Icon
Replit - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Product Security Engineer

Principal Product Security Engineer

The Principal Product Security Engineer will be responsible for partnering with ...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
https://www.atlassian.com Logo
Atlassian
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience working in security
  • Demonstrated expertise and experience working in security-focused roles
  • Significant experience collaborating with engineering teams to conduct security assessments and threat modelling for on-premise as well as SaaS products
  • Strong expertise in cloud security, with a focus on AWS, GCP, and Azure, coupled with significant experience in container security, particularly in Docker and Kubernetes
  • Significant expertise in overseeing security design reviews for transitioning services from monolithic to microservices architecture
  • Experience coding in Java, Javascript, Python, or Go, and at least one scripting language
  • Experience leading large-scale projects from start to finish and mentoring other security practitioners
  • Adept experience providing SME knowledge and guidance to stakeholders and engineering functions
Job Responsibility
Job Responsibility
  • Partnering with our security teams and leadership groups across Atlassian's vast footprint to uplift our security programs
  • Being the Technical SME, promote automation, review platform and service designs and architecture and drive our security teams to equip the engineering partner teams with the latest tools, techniques and methodologies to build secure products by default
What we offer
What we offer
  • Health coverage
  • Paid volunteer days
  • Wellness resources
  • Fulltime
Read More
Arrow Right

Product Security Engineer

At Atlassian, we're motivated by a common goal: to unleash the potential of ever...
Location
Location
United States , San Francisco
Salary
Salary:
150700.00 - 206000.00 USD / Year
https://www.atlassian.com Logo
Atlassian
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Cybersecurity or related field
  • 24 months of experience working as Application Security Engineer, Product Security Engineer, or Penetration Tester
  • experience in application security tooling such as BurpSuite Pro, Postman, Docker, Command Line Interface (CLI) tools, Nmap, and Metasploit
  • understanding and coding common programming languages such as Java, Python, or Go
  • penetration testing, vulnerability assessment, composing and generating vulnerability reports
  • administering and managing Jira project
  • data analysis and data visualization tooling such as Tableau and Databricks
  • code versioning tools such as Bitbucket Cloud and GitHub
  • must pass technical interview
Job Responsibility
Job Responsibility
  • Evaluate submissions from security researchers to bug bounty program, assess the impact of each vulnerability, and communicate with the researcher community to help obtain additional details that may be helpful to engineering teams as they work to remediate the issues
  • drive improvement to the policies, processes, and automation to make bug bounty programs effective and ensure to get the most accurate information about each vulnerability to the proper engineering team as quickly as possible
  • work on vulnerability management improvements on processes, policies and standards
  • make sure the company's products and services are safe and secure, the internal vulnerability management workflow is accurate and up to date
  • identify vulnerabilities at scale and help engineering teams systematically remediate them
  • work on securing open-source supply chain
  • interact with some of the world’s leading security researchers through bug bounty program
  • build cutting edge tools to help identify and remediate vulnerabilities at scale
  • work with web application security and a strong ability to work with colleagues to develop and build solutions to help us scale in order to be successful in this role
  • read and write code
What we offer
What we offer
  • health and wellbeing resources
  • paid volunteer days
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
United States , Remote
Salary
Salary:
101900.00 - 234500.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity, or a related field (or equivalent experience)
  • 7+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF, and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers.
What we offer
What we offer
  • Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing
  • Specific programs catered to helping employees reach career goals
  • Inclusive working environment.
  • Fulltime
Read More
Arrow Right

Product Security Engineer - Secure SDLC Analyst

HPE Aruba Networking is looking for a person excited to work at the intersection...
Location
Location
United States , San Juan
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in Information Security, Computer Science, or related technical field
  • A background in software security, either academic or work experience, including reverse engineering, vulnerability classes such as buffer overflows and their prevention, web application security, and/or cloud security
  • Programming knowledge of at least one programming language with the ability to look at source code and figure out what it’s doing
  • Familiarity with the purpose of tools such as IDEs, compilers, source code revision control systems, ASPM, SCA and code scanners
  • Minimum 3 years of experience working directly in software engineering or in an adjacent field with exposure to the software engineering environment
  • Experience conducting risk assessments, threat modeling, and/or compliance assessments
  • Experience supporting the integration of security practices through the software development lifecycle
Job Responsibility
Job Responsibility
  • Assist in the execution of product compliance assessments against various frameworks (e.g. NIST SSDF, NIST SP 800-218, SP 800-53, CIS Benchmarks)
  • Assist in the development and/or maintenance of GRC and SDLC tooling implementations, including scripting and automation
  • Operate as a representative of HPE Aruba in working groups, with government representatives, and with auditors
  • Provide consulting, information, and advice to product teams around implementing and improving the maturity of our SDLC
  • Document known issues and provide information to product teams in a manner which allows for easy interpretation and corrective actions to be performed
  • Monitor worldwide government standards and communicate to management and product teams when changes are made that may impact an existing control or introduce new requirements
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Product Security Engineer

Join Airtable as a Product Security Engineer and play a pivotal role in shaping ...
Location
Location
United States , San Francisco; Seattle; New York City; Los Angeles
Salary
Salary:
170000.00 - 277000.00 USD / Year
airtable.com Logo
Airtable
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years experience in product security and application security
  • Experience shipping production code
  • Skilled at conducting in-depth security reviews and collaborating with engineering teams
  • Proficient in writing clean, maintainable code
  • Hands-on experience with AI product security for LLM-powered products
  • Strong communicator and collaborator, able to drive security initiatives
  • Comfortable making systems as well as breaking them
  • Familiar with JavaScript or TypeScript, Node, Linux, and AWS or comparable technologies
  • Comfortable working in a fast-paced environment and contributing to long-term security strategy
Job Responsibility
Job Responsibility
  • Partner with product teams to review product plans, designs, and code for security considerations
  • Lead and implement programs that raise the bar for application and product security
  • Build and ship frameworks that make it easy for product engineers to ship secure code
  • Triage and drive remediation for findings from external penetration testers
  • Research emerging threats and evolving best practices, especially in AI and LLM safety
  • Work with advisors and third party vendors on penetration tests, security reports and compliance projects
  • Contribute to roadmaps, metrics and strategic planning for the product security team
What we offer
What we offer
  • Benefits
  • Restricted stock units
  • Incentive compensation
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Security Team is responsible for providing key security capabilities coverin...
Location
Location
Netherlands
Salary
Salary:
Not provided
clickhouse.com Logo
ClickHouse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Job Responsibility
Job Responsibility
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What we offer
What we offer
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites
Read More
Arrow Right

Product Security Engineer

About the team: The Security Team is responsible for providing key security capa...
Location
Location
Canada
Salary
Salary:
Not provided
clickhouse.com Logo
ClickHouse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Job Responsibility
Job Responsibility
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What we offer
What we offer
  • Flexible work environment
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites
Read More
Arrow Right

Staff Product Security Engineer

As a Staff Product Security Engineer, you will play a crucial role in safeguardi...
Location
Location
France , Paris
Salary
Salary:
Not provided
dashlane.com Logo
Dashlane
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong understanding of application security best practices, including experience with threat modeling and risk assessments
  • Demonstrated experience building or improving an SDLC program
  • Familiarity with CI/CD pipelines and their security implications
  • Familiarity with cloud infrastructure (e.g., AWS, Azure, Kubernetes), and Infrastructure-as-Code (e.g., Terraform)
  • Interest in enabling secure use of AI tools to drive efficiency, creativity, and impact internally
  • Communication & Collaboration: You engage and listen empathetically to others, adjusting your communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences
  • Mentoring: You enjoy using your knowledge and experience to support and uplevel those around you
  • Motivated Learner: You learn new technologies and processes quickly, and understand where to look for knowledge when you need it
  • Adaptability: You are a jack or jane of all trades - you’re comfortable digging into non-technical parts of the business to provide security support and guidance
Job Responsibility
Job Responsibility
  • Drive the continuous improvement of Dashlane’s security program across the product and company
  • Conduct architecture design reviews, threat modeling, and technical security assessments of Dashlane’s product (application and infrastructure) to identify security risks and provide mitigation guidance
  • Ensure security best practices are integrated throughout the software development lifecycle (SDLC)
  • Build upon and scale Vulnerability Management to ensure the team can track, analyze, and manage vulnerabilities and their remediation
  • Perform risk assessments of Dashlane’s internal systems, environments, assets, and data, and implement security best practices accordingly
  • Evaluate and implement security tooling and/or build customized tooling in-house where necessary
  • Participate in Compliance and Incident Response
  • Innovate and propose new forward-looking security features that protect Dashlane and our users
What we offer
What we offer
  • Equal Parental leave - regardless of gender, up to 20 weeks fully paid leave to take care of their new baby, within the first year of birth or adoption
  • Health insurance covered by Dashlane
  • Mentorship program - select your mentor from our internal pool and continue your learning path!
  • Commute allowance
  • Meal Vouchers (Swile)
  • Mental health services through Spring Health for you and family members
  • 4 extra days off (one per quarter) to acknowledge the importance of your wellbeing
  • Spot in daycare
  • Time off saving account
  • Donation matching program - give back to the community and support actions that lead to positive social impact under the historically marginalized communities. Every donation will be matched by Dashlane
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy