Staff Software Engineer, Fraud

Replit
Foster City, CA, USA2026-05-26Hybrid

About the job

The Fraud team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them.

Responsibilities

Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions

Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions

Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions

Design automated response mechanisms that enforce platform policies without manual intervention

Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal

Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules

Maintain and extend internal detection tools (Slurper, Netwatch) that continuously monitor user activity

Integrate and tune security scanners (SAST, SCA) in CI pipelines with tight performance SLAs

Track abuse trends, measure detection effectiveness, and adapt defenses as attack patterns evolve

Qualifications

Minimum

8+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection

Strong programming skills in Python and/or TypeScript for building detection systems and automation

Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)

Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection

Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors

Ability to investigate complex abuse patterns and translate findings into automated defenses

Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse

Clear communication skills for working across Security, Support, Legal, and Engineering teams.

Preferred

Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)

Background in fraud detection, payment abuse, or financial crime

Familiarity with device fingerprinting, IP reputation, and email validation services

Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)

Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)

Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems