
Replit
Replit Senior Software Engineer Interview
Focus areas and question themes aggregated from 2 current openings — pick any opening below and practice a voice mock calibrated to it.
Replit Senior Software Engineer mock interview
A live voice mock calibrated to this role — real questions, the real follow-up rhythm, and a score at the end. Free to start.
Replit's Senior Software Engineer family spans two very different problems under one title: building LLM-based abuse detection for Trust & Safety, and building the cloud infrastructure — hosting, publishing, custom domains — that Replit Cloud runs on. Both postings expect senior-level ownership and comfort operating with ambiguity on an AI-native platform.
What this interview tests
- Adversarial detection system design — The Trust & Safety posting wants you to design detection for a specific abuse pattern like phishing, cryptomining, or token farming against an attacker that keeps adapting.
- ML/LLM classifier work for security — Building or fine-tuning LLM-based classifiers, and detecting prompt injection or jailbreaking against an AI agent, are named directly.
- Full-stack ownership across the stack — The Cloud posting expects fluency from TypeScript/React down to Go/Postgres/Terraform on a single feature.
- Cloud infrastructure fundamentals — Hosting, storage, custom domains, and dev/prod environment splitting are named as the concrete infrastructure surfaces.
- Automated enforcement with human-in-the-loop judgment — Both the detection and the cloud postings care about where automation should stop and a human should decide, whether that's abuse enforcement or an architecture tradeoff.
- Autonomous execution on ambiguous problems — The Cloud posting explicitly wants self-directed work on high-impact but loosely-defined initiatives.
Common question themes
Design a detection system for a specific abuse pattern — phishing, cryptomining, or token farming — on our platform.
Directly lifted from the Trust & Safety posting's core responsibility.
Tell me about building or fine-tuning an ML/LLM classifier for security or abuse detection.
Named as a specific skill in the Trust & Safety posting.
How would you detect prompt injection or jailbreaking attempts against an AI agent?
Called out as an LLM-specific attack vector unique to an AI-native coding platform.
Where do you draw the line between automated enforcement and human review, and why?
The Trust & Safety posting frames this as a judgment call the engineer owns, not a fixed policy.
Walk me through a full-stack feature you owned from design to production.
The Cloud posting expects ownership across the entire stack, not just one layer.
How would you design a system for app publishing or hosting with dev-prod environment splitting?
Named directly as a Replit Cloud infrastructure responsibility.
Tell me about an architectural decision you made and its tradeoffs.
Both postings ask candidates to defend a real decision rather than describe an ideal one.
How do you work autonomously on an ambiguous, high-impact initiative?
The Cloud posting explicitly tests self-directed execution without close guidance.
Likely format
Neither posting states a format. Given that one posting is security-system-design-heavy and the other is full-stack-architecture-heavy, expect the loop to differ by which posting you're targeting — likely a system design conversation plus behavioral ownership questions in both cases, but that's inferred from question style, not confirmed.
All 2 Replit openings in this role
Frequently asked questions
Are the Trust & Safety and Replit Cloud postings the same interview?
They share a title and seniority bar but test different things — Trust & Safety goes deep on abuse detection and LLM classifiers, while Replit Cloud goes deep on full-stack infrastructure ownership, so prep should follow whichever posting you applied to.
Do I need machine learning experience for the Trust & Safety role?
Yes — the posting specifically asks about building or fine-tuning ML/LLM-based classifiers for abuse and security detection, not just writing detection rules by hand.
What does 'full-stack' mean for the Replit Cloud role?
It spans TypeScript/React on the frontend down to Go, Postgres, and Terraform on the backend and infrastructure side, applied to features like hosting, publishing, and custom domains.