
Replit
Mid
Own Replit's vulnerability lifecycle end to end — from bug bounty triage and reproduction to remediation coordination and CVE disclosure.
Replit is hiring a PSIRT Engineer to lead vulnerability response for its cloud-native AI platform, owning intake from HackerOne and other channels through validation, remediation coordination, and public disclosure. The role requires hands-on ability to reproduce and severity-score vulnerabilities across web/app/cloud exploit classes, plus running the bug bounty program and coordinating CVEs. This interview probes technical vulnerability triage depth, cross-team remediation coordination, and program/process ownership (bug bounty, disclosure, SLAs).
Step into this interview
Free · a live voice mock calibrated to this exact role
What this interview tests
- Independent vulnerability validation, reproduction, and severity scoring
- Web/app/cloud exploit classes, OWASP Top 10, authN/Z (OAuth/OIDC) risks
- Bug bounty program design and researcher/community management
- Remediation coordination across Engineering, SecOps, SRE, Cloud Security
- Coordinated disclosure and CVE management
Common question themes
Walk through how you'd triage and reproduce an ambiguous bug bounty submission
How do you severity-score a finding involving OAuth/OIDC misconfiguration
Tell me about negotiating a disclosure timeline or reward dispute with a researcher
How would you drive a remediation to meet an SLA when engineering deprioritizes it
Design or evolve a bug bounty program's scope and reward structure
Related interviews

Replit
Senior
Senior Software Engineer, Trust & Safety

Replit
Senior
Field Engineer

Replit
Staff
Staff Software Engineer, Enterprise Platform

Netflix
Mid
Security Software Engineer (L4), Detection Engineering

Databricks
Senior
Sr Security Engineer, Incident Response

Instacart
Senior