Engineering Manager, Anti-Abuse & Security

About the Role

We're hiring a hands-on Engineering Manager to build and lead Replit's Anti-Abuse team from the ground up. This is a foundational 0-to-1 role: you'll define the anti-abuse roadmap, hire a small team of engineers and data analysts, and ship the systems that protect Replit's platform, users, and economics from adversarial actors. You'll partner across Support, Legal, Security, Infrastructure, and the Money and Growth teams to make abuse economically unviable while keeping friction low for legitimate users.

Replit sits at the frontier of AI-native abuse. Our platform is a target for phishing and scam hosting, cryptomining, LLM token farming, card and coupon fraud, and increasingly, abuse driven by AI agents themselves. The team you build will define how Replit defends against all of it.

What You'll Do

Build the anti-abuse roadmap from scratch: Define the threat model, prioritize across abuse vectors (phishing/scam hosting, cryptomining, token farming, payment fraud, AI agent exploitation), and translate it into a shipping plan with clear sequencing and tradeoffs.

Design progressive verification and identity infrastructure: Build the "ladder of trust" that gates increasing platform capabilities (referrals, additional credits, access to powerful agent features, Missions) behind escalating verification. This includes a humanity/identity layer that's distinct from user accounts, integrations with KYC-grade verification providers, and the policy engine that decides what level of trust unlocks what behavior. This infrastructure is core not just to promo integrity but to how Replit safely expands agent capabilities over time.

Ship as a hands-on EM: Stay in the code. Use the latest AI coding tools (including Replit Agent) to prototype detections, build internal tooling, and unblock your team. This role is for someone who multiplies their output with AI rather than stepping away from the craft.

Define the metrics that matter: Establish the measurement foundation for anti-abuse at Replit (abuse rate, fraud loss, false positive rate, time-to-detect, time-to-mitigate, verification step-up conversion) and build the data pipelines and dashboards to track them. Figure out what "good" looks like when no one has measured it before.

Hire and grow a small, high-leverage team: Start with a couple of software engineers and data analysts and scale from there. Hire for ownership, adversarial thinking, and AI-native execution. Build a culture where engineers use AI agents as force multipliers and ship fast without cutting corners on quality.

Operate cross-functionally: Partner with Support on abuse escalations and triage workflows, with Legal on compliance and takedown processes, with Security on overlapping threat surfaces, with Infrastructure on detection and enforcement primitives, and with the Money and Growth teams on the fraud-vs-conversion tradeoffs that sit at the heart of this work.

Make abuse economically unviable: Design adaptive friction systems that escalate verification only when risk signals warrant it. The goal isn't elimination; it's making Replit an unprofitable target while keeping the path clear for legitimate users.

What You'll Bring

• 6 to 10+ years of engineering experience with 2+ years managing teams, ideally in anti-abuse, trust and safety engineering, fraud, or an adjacent adversarial domain.
• A hands-on orientation: you still write code, review PRs, and prototype. Comfort using AI coding tools (Claude Code, Cursor, Replit Agent, or similar) as part of your daily workflow.
• Experience building detection and enforcement systems at scale: rules engines, ML-based risk scoring, reputation systems, identity and device signals, or similar.
• Experience with identity, KYC, or progressive verification systems is a significant plus. You've thought about how to layer trust signals and gate capabilities without wrecking conversion.
• Strong product and metrics intuition. You've defined success metrics for ambiguous problems and built the data infrastructure to measure them.
• Experience operating cross-functionally with Support, Legal, Security, and Growth teams. Comfort translating between technical detections and business impact.
• Crisp written communication and the ability to build clarity in an ambiguous, 0-to-1 environment.

Nice to Have

• Experience with AI-native abuse vectors (prompt injection, LLM token farming, agent-driven abuse) or a track record of adapting quickly to novel threat categories.
• Familiarity with payment fraud, card testing, coupon abuse, referral abuse, or promotional abuse.
• Experience integrating KYC and identity verification providers (Prove, Persona, Socure, Stripe Identity, or similar).
• Experience at a consumer platform, developer tool, or cloud provider with meaningful abuse surface area.
• Background in security, trust and safety, or fraud prevention at a hypergrowth company.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.