Staff Software Engineer, Risk

Replit Replit · Enterprise · Foster City, CA · Engineering

Staff Software Engineer, Risk at Replit, focusing on building AI-powered detection systems and LLM guardrails to defend the platform from exploitation by malicious actors. This role involves applying AI to security problems in a production environment, detecting and preventing various abuse scenarios like phishing, cryptomining, and prompt injection.

What you'd actually do

  1. Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions
  2. Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions
  3. Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions
  4. Design automated response mechanisms that enforce platform policies without manual intervention
  5. Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal

Skills

Required

  • 8+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection
  • Strong programming skills in Python and/or TypeScript for building detection systems and automation
  • Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)
  • Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection
  • Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors
  • Ability to investigate complex abuse patterns and translate findings into automated defenses
  • Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse
  • Clear communication skills for working across Security, Support, Legal, and Engineering teams.

Nice to have

  • Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
  • Background in fraud detection, payment abuse, or financial crime
  • Familiarity with device fingerprinting, IP reputation, and email validation services
  • Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
  • Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
  • Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems

What the JD emphasized

  • building detection systems, heuristics, and automated responses
  • building guardrails for AI-generated code
  • detecting prompt injection attacks at scale
  • using LLMs as a defensive tool against abuse
  • applying AI to security problems
  • shipping the systems that stop them at scale
  • building or fine-tuning ML/LLM-based classifiers for security or abuse detection
  • Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors

Other signals

  • LLM guardrails
  • AI-powered detection systems
  • LLMs as a defensive tool