Jobs · Engineering · California

Staff Software Engineer, Fraud

Replit · Foster City, CA · 3 wk ago
HybridEngineering$250k–$315k/yrFull-time

About the role

The Fraud team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them.

Responsibilities

  • Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions
  • Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions
  • Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions
  • Design and implement automated response mechanisms that enforce platform policies without manual intervention
  • Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal
  • Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules
  • Maintain and extend internal detection tools (Slurper, Netwatch) that continuously monitor user activity
  • Integrate and tune security scanners (SAST, SCA) in CI pipelines with tight performance SLAs
  • Track abuse trends, measure detection effectiveness, and adapt defenses as attack patterns evolve

Requirements

8+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection

Strong programming skills in Python and/or TypeScript for building detection systems and automation

Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)

Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection

Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors

Ability to investigate complex abuse patterns and translate findings into automated defenses

Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse

Clear communication skills for working across Security, Support, Legal, and Engineering teams

Qualifications

Nice to have:

  • Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
  • Background in fraud detection, payment abuse, or financial crime
  • Familiarity with device fingerprinting, IP reputation, and email validation services
  • Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
  • Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
  • Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems

Skills

  • Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
  • Background in fraud detection, payment abuse, or financial crime
  • Familiarity with device fingerprinting, IP reputation, and email validation services
  • Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
  • Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
  • Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems

Benefits

  • Competitive Salary & Equity
  • 401(k) Program with a 4% match (US Only)
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Flexible Time Off (FTO) + Holidays
  • Social Events
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement (In-Office Only)
  • Quarterly Team Gatherings

Similar jobs