All interviews
Replit logo

Replit

Mid

Own Replit's vulnerability lifecycle end to end — from bug bounty triage and reproduction to remediation coordination and CVE disclosure.

Replit is hiring a PSIRT Engineer to lead vulnerability response for its cloud-native AI platform, owning intake from HackerOne and other channels through validation, remediation coordination, and public disclosure. The role requires hands-on ability to reproduce and severity-score vulnerabilities across web/app/cloud exploit classes, plus running the bug bounty program and coordinating CVEs. This interview probes technical vulnerability triage depth, cross-team remediation coordination, and program/process ownership (bug bounty, disclosure, SLAs).

Step into this interview

Free · a live voice mock calibrated to this exact role

Practice this interview

What this interview tests

  • Independent vulnerability validation, reproduction, and severity scoring
  • Web/app/cloud exploit classes, OWASP Top 10, authN/Z (OAuth/OIDC) risks
  • Bug bounty program design and researcher/community management
  • Remediation coordination across Engineering, SecOps, SRE, Cloud Security
  • Coordinated disclosure and CVE management

Common question themes

Walk through how you'd triage and reproduce an ambiguous bug bounty submission

How do you severity-score a finding involving OAuth/OIDC misconfiguration

Tell me about negotiating a disclosure timeline or reward dispute with a researcher

How would you drive a remediation to meet an SLA when engineering deprioritizes it

Design or evolve a bug bounty program's scope and reward structure

View the original posting

Related interviews