Description
We are seeking a mid-level Infrastructure Vulnerability Management Engineer with a strong background in Cloud Security, DevSecOps, and Infrastructure-as-Code (IaC). In this role, you will bridge the gap between security, compliance, DevOps, and Platform engineering teams.
Your primary responsibilities will include:
- Performing continuous security scanning across our cloud posture and workloads, reviewing, validating, and prioritizing flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure.
- Owning and optimizing Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools to ensure uniform compliance, prevent data leakage, and maintain hardened baselines.
- Configuring, tuning, and embedding automated IaC security scanning tools into CI/CD pipelines to identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before they are deployed to production.
- Managing the continuous vulnerability scanning lifecycle for container images, registries, and Virtual Machines (VMs), partnering with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines.
- Tracking, documenting, and managing infrastructure vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS), and maintaining audit-ready evidence of infrastructure remediation timelines and exception approvals.
- Escalating and reporting critical production exposures directly to the CISO and senior leadership, and maintaining dashboards and alerting mechanisms that visualize infrastructure risk trends and cloud compliance posture.
- Partnering with SRE, DevOps, and Platform teams to provide clear infrastructure mitigation paths, and assisting in writing, reviewing, or modifying cloud configuration templates directly when necessary to resolve security flaws.
- Assisting Incident Response teams during active cloud or host-level breaches, and helping develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures to contain threats.
The ideal candidate will have 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles, with strong foundational experience working with multi-cloud environments. Hands-on experience operating modern infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or cloud-native options (GCP Security Command Center) is required. Proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows is also necessary.