Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
As a Senior Application Security Engineer, you will be a key contributor on the Information Security team at Roblox. You’ll take ownership of working with partner teams to design secure products and systemically reduce risk throughout the product and software development lifecycle. You’ll have the opportunity to execute on fundamental and innovative projects that help Roblox automate and scale how application security is conducted across the company. This is a hybrid in-office role and you will report directly to the Engineering Manager leading our Application Security team responsible for security reviews and other critical front-line defenses.
You will:
- Own Product Security across key partner Groups
- Lead a high profile bug bounty program
- Automate tools and processes to mature workflows and address application security control gaps
- Partner with other Information Security pods to mature the security posture of partner Groups and all of Roblox
You have:
- 3+ years of relevant professional experience
- Proficiency in at least one programming language (e.g., Python, Go, C#) and a desire to learn new technologies
- Experience with threat modeling and a strong understanding of common code and network vulnerability types, impacts, and remediations
- Knowledge of product security and operationalizing security best practices within large-scale internet environments
- Familiarity with network and server hardware, solid understanding of Linux and Windows operating system security, and network fundamentals
- BA/BS degree in a relevant engineering field or equivalent practical experience.
- (Nice to have) Experience with network reconnaissance, micro-service architecture, software/security architecture, AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practices
You:
- Take the long view on application security, designing solutions that build resilient, future-proof systems and guide our short-term decisions.
- Get stuff done, proactively identifying and mitigating risks and relentlessly iterating on our security posture to ensure continuous improvement.
- Make critical decisions that prioritize everyone's best interests and contribute to a shared ownership of outcomes.