Product Security Architect

Replit
Foster City, US
On-site

Who this role is best for

Aimed at mid-level security architects with multi-tenant SaaS expertise who thrive in technical mentorship roles and require in-office presence three days a week.

Best fit for

  • Security architects with a track record of defining secure SaaS architectures.
    — “define and implement the application security architecture for our multi-tenant SaaS platform
  • Technical leaders comfortable influencing without direct authority.
    — “drive technical alignment across the organization through expertise and collaboration rather than direct authority
  • Hands-on coders who can review Python/Go/JavaScript for security flaws.
    — “Strong programming background (Python/Go/JavaScript) with proven ability to conduct code review

Things to consider

  • Mandatory in-office days three times per week in Foster City.
    — “The role has an in-office requirement of Monday, Wednesday, and Friday
  • Expected to translate technical designs into audit-ready documentation.
    — “translate complex architectural designs into clear, audit-ready documentation and control frameworks

How to stand out

  • Demonstrate experience with AI agent-based SaaS products.
    — “Experience with AI Agent-based Saas products is a plus
  • Highlight instances where you've mentored engineering teams on security.
    — “Serve as the primary security mentor and subject matter expert for engineering teams
  • Prepare examples of risk register contributions.
    — “Strong track record of contributing to Cybersecurity Risk Register
Pace · SteadyCollaboration · HighAutonomy · HighDecision Impact · CompanyLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Defined and implemented secure product blueprint
  • Led high-impact security initiatives
Typical background
Product SecurityApplication Security

Skills & requirements

Required

Application SecurityThreat ModelingAuthentication/authorizationMulti-tenant Saas SecurityCode Review

Preferred

AI SecurityPythonGoJavaScript

Stack & domain

Product SecurityApplication SecurityAuthenticationAuthorizationMulti-tenant SaasTenant SeparationRbacByokApi DesignSession/cookie/token ManagementThreat ModelingCode ReviewPythonGoJavaScriptMtlsOIDCOAuthSAMLThird-party Risk AssessmentAudit/application LoggingConfigurationEncryptionCustomer ByokIdentity & Access ManagementProblem-solvingCollaborationCommunicationLeadershipSecurityAudit

About the role

Original posting from Replit via Ashby

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

ABOUT THE ROLE

We are looking for a Product Security Architect to serve as the subject matter expert for Replit’s secure product blueprint. In this critical role, you will define and implement the application security architecture for our multi-tenant SaaS platform, ensuring our platform is resilient and secure by design. You will be a key technical contributor—leading high-impact security initiatives and providing deep subject matter expertise to both the engineering organization and executive leadership.

WHAT YOU'LL DO

PRODUCT SECURITY STRATEGY & MENTORSHIP

  • Security Mentorship: Serve as the primary security mentor and subject matter expert for engineering teams, fostering a culture of technical excellence and rigorous security design.
  • Product Vision: Define the product security vision, ensuring consistency across complex application architecture projects.
  • Project Execution: Lead the security implementation of new product features from initial design to final production deployment.
  • Threat Modeling: Conduct proactive threat modeling for new product features and major architectural changes.
  • Application Security Design: Define and enforce best practices around application security, including audit/application logging, configuration, tenant separation, encryption, customer BYOK, RBAC design, API design, and Session/cookie/token management.
  • Identity & Access: Define and implement secure Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) for multi-tenant SaaS products.
  • Third-Party Risk: Assess and mitigate risks associated with application third-party integrations such as payment, AI models, code repositories, etc.
  • Code Review: Apply a strong programming background (Python/Go/JavaScript) to perform hands-on code reviews when needed to validate security controls.

RISK MANAGEMENT & CROSS-FUNCTIONAL ENABLEMENT

  • Maintain the Source of Truth: Define and maintain (document) the authoritative “Source of Truth” for Replit’s secure architecture, ensuring these patterns are consistently adopted across all engineering teams.
  • Contribution to Risk Register: Actively identify, document, and quantify architectural security risks. You will be responsible for ensuring these are accurately reflected in the Cybersecurity Risk Register.
  • Security Team Support: Support other security teams like GRC, Pentesting, Vulnerability Management, and PSIRT.
  • Compliance & Documentation: Partner with GRC teams to translate complex architectural designs into clear, audit-ready documentation and control frameworks.
  • GTM & Sales Support: Act as the technical bridge for the Sales team, addressing complex security inquiries from enterprise customers regarding Replit's architectural integrity.

REQUIRED SKILLS & EXPERIENCE

  • 8+ years of experience in product security engineering or architecture, specifically with Multi-tenant SaaS products.
  • Experience with AI Agent-based Saas products is a plus.
  • Deep expertise in common product security practices (e.g., tenant separation, RBAC, BYOK, secure API design, session/token management).
  • Expertise in Authentication/Authorization protocols (mTLS/OIDC/OAuth/SAML) in a multi-tenant SaaS environment.
  • Strong programming background (Python/Go/JavaScript) with proven ability to conduct code review.
  • Experience writing and maintaining Architecture documents.
  • Exceptional ability to communicate technical risk to both engineering and executive audiences.
  • Strong track record of contributing to Cybersecurity Risk Register.

WHAT WE VALUE

  • Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
  • Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
  • Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.
  • Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match (US Only)

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

🚗 Commuter Benefits (In-Office Only)

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement (In-Office Only)

🚀 Quarterly Team Gatherings

☕ In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

  • Meet the Replit Agent https://www.youtube.com/watch?v=IYiVPrxY8-Y
  • Replit: Make an app for that https://www.youtube.com/watch?v=4zd9hzngFwY
  • Replit Blog https://blog.replit.com/
  • Amjad TED Talk https://youtu.be/kCudFI4tcpg?si=l4ViCejV_f2RZkDi

Interviewing + Culture at Replit

  • Operating Principles https://blog.replit.com/operating-principles
  • Reasons not to work at Replit https://blog.replit.com/reasons-not-to-join-replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Source: Replit careers (Ashby)

Similar roles