Security Engineer - Vuln Management (Code)

About The Position

Requirements

• 5 years of experience in Application Security, DevSecOps, or Software Engineering roles.
• Solid foundational experience working in a software development capacity.
• Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.
• Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.
• Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).
• Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.

Nice To Haves

• Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
• Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
• Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.
• Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

Responsibilities

• Perform periodic application security scanning activities.
• Review results and prioritize flaws based on CVSS scores, real-world exploitability, and system exposure.
• Track, document, and manage vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS).
• Maintain audit-ready evidence of remediation timelines and exception approvals.
• Escalate and report critical exposures directly to the CISO and senior leadership.
• Maintain dashboards and alerting mechanisms that visualize vulnerability status, risk trends, and compliance posture.
• Ownership of the organization's Software Bill of Materials (SBOM).
• Continually update SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking.
• Help Replit mature through various SLSA levels for supply chain security.
• Partner with development teams to provide clear mitigation paths.
• Review, write, and patch code directly when necessary to resolve security flaws.
• Configure and tune automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.
• Assist Incident Response teams during active breaches or security incidents.
• Help develop and implement immediate, real-time code or infrastructure countermeasures.

Benefits

• Competitive Salary & Equity
• 401(k) Program with a 4% match (US Only)
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Flexible Time Off (FTO) + Holidays
• Commuter Benefits (In-Office Only)
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement (In-Office Only)
• Quarterly Team Gatherings
• In Office Amenities (In-Office Only)