Foster City, US

Offensive Security Engineer

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

Company: Replit
Compensation: $188K - $313K
Schedule: Full-Time

Role overview

What this role actually needs.

Company context: Replit is the collaborative coding platform that turns natural language and prompts into deployed applications.

Responsibilities

Day-to-day expectations

Replit lists these responsibilities for the Offensive Security Engineer role.

  • Lead Whitebox Penetration Testing: Execute end-to-end testing with full access to source code. You will perform manual code-level inspections to uncover complex logic flaws and authorization bypasses that automated tools miss.
  • Simulate Adversarial Attacks: Conduct Red and Purple team engagements across our cloud-native stack (K8s, Docker), simulating how a sophisticated actor might move from a code-level exploit to infrastructure-wide impact.
  • Secure AI-Enabled Systems: Perform offensive testing on LLM-backed applications and agentic AI workflows, focusing on prompt injection, data leakage, and abuse of AI-driven components.
  • Vulnerability Research & Chaining: Identify, exploit, and demonstrate realistic business risk by chaining vulnerabilities—from the application layer down through our internal trust boundaries.
  • Build Offensive Tooling: Contribute to internal security frameworks and build AI-assisted testing tools to automate the discovery of common bug classes while maintaining deep manual testing depth.
  • Partner with Engineering: Work closely with product teams and security architects to explain root causes, influence design guardrails, and triage high-priority findings from our Bug Bounty (HackerOne) program.
Requirements

What a strong candidate brings

These requirements are extracted from the source listing and normalized for UpJobz readers.

  • Public recognition on platforms like HackerOne or Bugcrowd.
  • Experience building or extending AI-based security testing tools.
  • Background in incident response or detection engineering from the defensive side.
  • Published CVEs or security research in the cloud-native or AI space.
Benefits

Why people would want this job

Replit published these compensation, benefits, or working-context details with the role.

  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk
  • Operating Principles
  • Reasons not to work at Replit
UpJobz market context

Why this listing is more than a copied job post.

Offensive Security Engineer is framed against UpJobz source checks, country scope, compensation visibility, and work-authorization signals so candidates can make a faster go/no-go decision.

United States tech market

United States roles on UpJobz are filtered for high-tech relevance, source freshness, and actionable employer detail before they are allowed into SEO surfaces.

Compensation read

$188K - $313K is visible before the click, so candidates can compare the role against local market expectations before applying.

Work authorization read

Current extracted signal: Open to TN, H-1B, and OPT candidates already in the United States. UpJobz treats this as a search signal, not legal advice, and links visa-sensitive roles back to the relevant visa hub where possible.

Location read

Hybrid roles in Foster City should be compared against commute, local salary bands, and nearby employer demand.


Subscriber playbook

Turn this listing into an application plan.

This is the first pass at the premium UpJobz layer: a fast brief that helps serious applicants move with more clarity.

Next moves

  • Tailor your resume around AI and LLM instead of sending a generic application.
  • Use the first two bullets of your application to connect your background directly to the Offensive Security Engineer role, a high-signal hybrid role in Foster City that is most realistic for TN, H-1B, and OPT candidates already in the United States.
  • Open the role quickly if it fits and bookmark three similar jobs before you leave the page.

Interview themes

Cloud and DevOps, Hybrid, AI, LLM, research, Python

Watchouts

  • $188K - $313K is visible, so calibrate your application around the posted range.
  • Use "open to TN, H-1B, and OPT candidates already in the United States" as part of your positioning so the recruiter does not have to infer it.
  • Show concrete examples of succeeding in hybrid environments.
Role signals

Keywords to match against your background

Use these terms to decide whether your resume, portfolio, and recent projects line up with the role.

AI, LLM, research, Python, TypeScript, Kubernetes, AWS, security, platform, API, developer-tools, cloud, IDE, collaboration
Next step

Apply through the employer source

Open the source listing from jobs.ashbyhq.com, confirm the role is still active, then apply on the employer or ATS page.


Source: jobs.ashbyhq.com · Source ID: 223ef2d2-c672-419d-b155-5c958df6fc53 · Confidence: 92/100 · Last checked: May 7, 2026
