Replit, Inc.
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.
About the role The Anti-Abuse team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them.
In this role you will…
Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions
Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions
Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions
Design automated response mechanisms that enforce platform policies without manual intervention
Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal
Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules
Maintain and extend internal detection tools (Slurper, Netwatch) that continuously monitor user activity
Integrate and tune security scanners (SAST, SCA) in CI pipelines with tight performance SLAs
Track abuse trends, measure detection effectiveness, and adapt defenses as attack patterns evolve
Required skills and experience:
4+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection
Strong programming skills in Python and/or TypeScript for building detection systems and automation
Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)
Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection
Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors
Ability to investigate complex abuse patterns and translate findings into automated defenses
Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse
Clear communication skills for working across Security, Support, Legal, and Engineering teams.
Nice to have:
Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
Background in fraud detection, payment abuse, or financial crime
Familiarity with device fingerprinting, IP reputation, and email validation services
Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems
Tools + Tech Stack for this role
Languages:
Python, TypeScript, Go, SQL
Data:
BigQuery, Hex
Detection tools:
Slurper, Netwatch, Stytch (device fingerprint); ClearOut (email reputation)
CI/CD Security:
Dependabot, Snyk, SAST/SCA scanners
Infrastructure:
GCP, Kubernetes
Collaboration:
Linear, Slack, Zendesk (for abuse reports)
This role may not be a fit if
You prefer deep security research over building operational detection systems
You want to focus on vulnerability management, pentesting, or bug bounty triage (that's our Security team)
You're looking for a role with predictable, well-defined problems rather than constantly adapting to adversarial behavior
You prefer working in isolation rather than partnering closely with Support, Legal, and cross-functional teams
You're uncomfortable making enforcement decisions that affect real users
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program
⚕️ Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Commuter Benefits
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement
Flexible Time Off (FTO) + Holidays
Quarterly Team Gatherings
☕ In Office Amenities
Want to learn more about what we are up to?
Meet the Replit Agent
Replit: Make an app for that
Replit Blog
Amjad TED Talk
Interviewing + Culture at Replit
Operating Principles
Reasons not to work at Replit
To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.
#J-18808-Ljbffr
About the role The Anti-Abuse team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them.
In this role you will…
Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions
Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions
Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions
Design automated response mechanisms that enforce platform policies without manual intervention
Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal
Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules
Maintain and extend internal detection tools (Slurper, Netwatch) that continuously monitor user activity
Integrate and tune security scanners (SAST, SCA) in CI pipelines with tight performance SLAs
Track abuse trends, measure detection effectiveness, and adapt defenses as attack patterns evolve
Required skills and experience:
4+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection
Strong programming skills in Python and/or TypeScript for building detection systems and automation
Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)
Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection
Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors
Ability to investigate complex abuse patterns and translate findings into automated defenses
Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse
Clear communication skills for working across Security, Support, Legal, and Engineering teams.
Nice to have:
Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
Background in fraud detection, payment abuse, or financial crime
Familiarity with device fingerprinting, IP reputation, and email validation services
Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems
Tools + Tech Stack for this role
Languages:
Python, TypeScript, Go, SQL
Data:
BigQuery, Hex
Detection tools:
Slurper, Netwatch, Stytch (device fingerprint); ClearOut (email reputation)
CI/CD Security:
Dependabot, Snyk, SAST/SCA scanners
Infrastructure:
GCP, Kubernetes
Collaboration:
Linear, Slack, Zendesk (for abuse reports)
This role may not be a fit if
You prefer deep security research over building operational detection systems
You want to focus on vulnerability management, pentesting, or bug bounty triage (that's our Security team)
You're looking for a role with predictable, well-defined problems rather than constantly adapting to adversarial behavior
You prefer working in isolation rather than partnering closely with Support, Legal, and cross-functional teams
You're uncomfortable making enforcement decisions that affect real users
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program
⚕️ Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Commuter Benefits
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement
Flexible Time Off (FTO) + Holidays
Quarterly Team Gatherings
☕ In Office Amenities
Want to learn more about what we are up to?
Meet the Replit Agent
Replit: Make an app for that
Replit Blog
Amjad TED Talk
Interviewing + Culture at Replit
Operating Principles
Reasons not to work at Replit
To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.
#J-18808-Ljbffr