Security Engineer

We're building a first of its kind developer platform that can be used to learn and practice programming, build and deploy applications, and share and discuss with a community of peers. We realize this is an ambitious plan, but we think it's high time someone built this. There is no good reason for the insane fragmentation in programming tools today -- someone learning to code needs to learn at least ten disjointed tools and platforms to do anything interesting with programming.

We're on a mission to make programming more accessible by building the best, simplest, and fastest coding environment. Replit is a place to not only learn and practice programming but also to collaborate and ship applications.

At Replit, we give people computing superpowers. Most people use these superpowers for good. A small number use them to attack Replit itself or other community members. If we can prevent or automatically detect most abuse, we can maintain the most open compute platform on the internet and teach millions of people to code. Security is a key competitive advantage for us -- this is an opportunity to have meaningful impact to our mission.

Roles & Responsibilities:

Create proof-of-concept attacks on Replit Infrastructure We are particularly interested in wide-scale attacks that can be launched from Replit itself Mitigate those attacks Describe and implement best practices to guard against attacks Develop monitoring to detect abuse

Key Qualifications:

Experience penetrating internet services The ability to write clear steps to reproduce an attack A keen eye for unintended consequences and emergent behavior Bonus Points Experience attacking or defending Platform/Infrastructure/Runtime as a Service

Job Location: Global (overlap 4 hours with US Pacific Time)

Most of our time is spent building two core areas of our technology -- the IDE and the container infrastructure. We created the world's fastest and first server-rendered IDE. The IDE has a small functional core -- borrowing ideas from Redux -- everything is a plugin. This architecture allows us to build an adaptable IDE where it starts very simple and grows with the user as they learn more and require more features -- this is crucial for new programmers.

As for our infrastructure, we're building a new kind of computing platform: it's Serverless in that users don't have to care about the underlying resources, but it's not Serverless in that it's stateful. This way it's interactive, and since we're focused on newcomers, it's a much more natural programming model. We're also building a filesystem abstraction that allows your working directory to travel with your container between development and production and as it goes offline and online -- a persistent and versioned working directory.