
Replit
Mid
Own cloud posture, IaC security, and container vulnerability lifecycle for Replit's multi-cloud (GCP-heavy) production environment
This role bridges Security, Compliance, DevOps, and Platform engineering at Replit, owning CSPM/KSPM/DSPM tooling, embedding IaC scanners into CI/CD, and running the vulnerability lifecycle for containers and VMs against SOC 2/ISO 27001/PCI-DSS SLAs. Deep GCP expertise is preferred with working AWS/Azure knowledge, plus Terraform/Pulumi and GitOps fluency. Expect scenario questions on triaging cloud misconfigurations by exploitability, tuning IaC scanners (Checkov/Tfsec/KICS), and acting as infra responder during a live incident.
走进这场面试
免费 · 一场按这个岗位校准的真语音模拟
这场面试考什么
- Cloud Security Posture Management (CSPM/KSPM/DSPM) and misconfiguration triage
- IaC security scanning embedded in CI/CD (Checkov/Tfsec/KICS)
- Container and Kubernetes vulnerability lifecycle (GKE/EKS)
- Multi-cloud depth with GCP primary, AWS/Azure secondary
- Compliance-driven tracking (SOC 2, ISO 27001, PCI-DSS) and incident response support
常见提问方向
How would you triage and prioritize a CSPM finding beyond its raw CVSS score
Walk through embedding an IaC scanner into a CI/CD pipeline and tuning false positives
Describe your GCP security depth versus AWS or Azure experience
How have you built automated container base-image patching pipelines
How do you track vulnerability remediation against SOC 2 or PCI-DSS SLAs with audit evidence
Tell me about a time you acted as technical responder during a live cloud security incident
相关面试

Replit
Senior
Senior Software Engineer, Trust & Safety

Replit
Senior
Field Engineer

Replit
Staff
Staff Software Engineer, Enterprise Platform

ElevenLabs
Mid
Infrastructure Security Engineer

Dropbox
Mid
Site Reliability Engineer

Affirm
Senior