
Replit
Mid
Own Replit's vulnerability lifecycle end to end — from bug bounty triage and reproduction to remediation coordination and CVE disclosure.
Replit is hiring a PSIRT Engineer to lead vulnerability response for its cloud-native AI platform, owning intake from HackerOne and other channels through validation, remediation coordination, and public disclosure. The role requires hands-on ability to reproduce and severity-score vulnerabilities across web/app/cloud exploit classes, plus running the bug bounty program and coordinating CVEs. This interview probes technical vulnerability triage depth, cross-team remediation coordination, and program/process ownership (bug bounty, disclosure, SLAs).
走进这场面试
免费 · 一场按这个岗位校准的真语音模拟
这场面试考什么
- Independent vulnerability validation, reproduction, and severity scoring
- Web/app/cloud exploit classes, OWASP Top 10, authN/Z (OAuth/OIDC) risks
- Bug bounty program design and researcher/community management
- Remediation coordination across Engineering, SecOps, SRE, Cloud Security
- Coordinated disclosure and CVE management
常见提问方向
Walk through how you'd triage and reproduce an ambiguous bug bounty submission
How do you severity-score a finding involving OAuth/OIDC misconfiguration
Tell me about negotiating a disclosure timeline or reward dispute with a researcher
How would you drive a remediation to meet an SLA when engineering deprioritizes it
Design or evolve a bug bounty program's scope and reward structure
相关面试

Replit
Senior
Senior Software Engineer, Trust & Safety

Replit
Senior
Field Engineer

Replit
Staff
Staff Software Engineer, Enterprise Platform

Netflix
Mid
Security Software Engineer (L4), Detection Engineering

Databricks
Senior
Sr Security Engineer, Incident Response

Instacart
Senior