Product Security Architect

Replit•Foster City, CA

2d•Hybrid

About The Position

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. About the Role We are looking for a Product Security Architect to serve as the subject matter expert for Replit’s secure product blueprint. In this critical role, you will define and implement the application security architecture for our multi-tenant SaaS platform, ensuring our platform is resilient and secure by design. You will be a key technical contributor—leading high-impact security initiatives and providing deep subject matter expertise to both the engineering organization and executive leadership.

Requirements

8+ years of experience in product security engineering or architecture, specifically with Multi-tenant SaaS products.
Deep expertise in common product security practices (e.g., tenant separation, RBAC, BYOK, secure API design, session/token management).
Expertise in Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) in a multi-tenant SaaS environment.
Strong programming background (Python/Go/JavaScript) with proven ability to conduct code review.
Experience writing and maintaining Architecture documents.
Exceptional ability to communicate technical risk to both engineering and executive audiences.
Strong track record of contributing to Cybersecurity Risk Register.

Nice To Haves

Experience with AI Agent-based Saas products is a plus.

Responsibilities

Serve as the primary security mentor and subject matter expert for engineering teams, fostering a culture of technical excellence and rigorous security design.
Define the product security vision, ensuring consistency across complex application architecture projects.
Lead the security implementation of new product features from initial design to final production deployment.
Conduct proactive threat modeling for new product features and major architectural changes.
Define and enforce best practices around application security, including audit/application logging, configuration, tenant separation, encryption, customer BYOK, RBAC design, API design, and Session/cookie/token management.
Define and implement secure Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) for multi-tenant SaaS products.
Assess and mitigate risks associated with application third-party integrations such as payment, AI models, code repositories, etc.
Apply a strong programming background (Python/Go/JavaScript) to perform hands-on code reviews when needed to validate security controls.
Define and maintain (document) the authoritative “Source of Truth” for Replit’s secure architecture, ensuring these patterns are consistently adopted across all engineering teams.
Actively identify, document, and quantify architectural security risks. You will be responsible for ensuring these are accurately reflected in the Cybersecurity Risk Register.
Support other security teams like GRC, Pentesting, Vulnerability Management, and PSIRT.
Partner with GRC teams to translate complex architectural designs into clear, audit-ready documentation and control frameworks.
Act as the technical bridge for the Sales team, addressing complex security inquiries from enterprise customers regarding Replit's architectural integrity.