Security Engineering Manager
We're building a first-of-its-kind developer platform that can be used to learn and practice programming, build and deploy applications, and share and discuss with a community of peers. We realize this is an ambitious plan, but we think it's high time someone built this. There is no good reason for the insane fragmentation in programming tools today -- someone learning to code needs to learn at least ten disjointed tools and platforms to do anything interesting with programming.
We're on a mission to make programming more accessible by building the best, simplest, and fastest coding environment. Replit is a place to not only learn and practice programming but also to collaborate and ship applications.
At Replit, we give people computing superpowers. Most people use these superpowers for good. A small number use them to attack Replit itself or other community members. If we can prevent or automatically detect most abuse, we can maintain the most open compute platform on the internet and teach millions of people to code. Security is a key competitive advantage for us -- this is an opportunity to have a meaningful impact on our mission.
Roles & Responsibilities
* Be the founding security engineer at Replit.
* Start out as & stay a strong security engineer:
  * Create proof-of-concept attacks on Replit Infrastructure
    * We are particularly interested in wide-scale attacks that can be launched from Replit itself
  * Mitigate those attacks
  * Describe and implement best practices and company-wide policies to guard against attacks
  * Develop monitoring to detect abuse
* Set team priorities with input from the rest of Replit
* Help team members grow through constant feedback in 1:1s
* Hire more awesome security engineers
* Find and overcome technical and organizational bottlenecks
* Ensure Replit keeps making bold, yet safe, moves as it grows
* Experience leading successful teams
* Comfortable having hard conversations as soon as they are needed
* Good product and design sense
* Experience penetrating and/or defending internet services
* A keen eye for unintended consequences and emergent behavior
* Self-directed and comfortable working autonomously
* Experience attacking or defending Platform/Infrastructure/Runtime as a Service
Global (overlap 4 hours with US Pacific Time)
Most of our time is spent building two core areas of our technology -- the IDE and the container infrastructure. We created the world's fastest and first server-rendered IDE. The IDE has a small functional core -- borrowing ideas from Redux -- and everything else is a plugin. This architecture allows us to build an adaptable IDE that starts very simple and grows with the user as they learn more and require more features -- this is crucial for new programmers.
As for our infrastructure, we're building a new kind of computing platform: it's Serverless in that users don't have to care about the underlying resources, but it's not Serverless in that it's stateful. This way it's interactive, and since we're focused on newcomers, it's a much more natural programming model. We're also building a filesystem abstraction that allows your working directory to travel with your container between development and production and as it goes offline and online -- a persistent and versioned working directory.