Every day, tens of millions of people from around the world come to Roblox to play, learn, work, and socialize in immersive digital experiences created by the community. Our vision is to build a platform that enables shared experiences among billions of users. This is what’s known as the metaverse: a persistent space where anyone can do just about anything they can imagine, from anywhere in the world and on any device. Join us and you’ll usher in a new category of human interaction while solving exceptional challenges that you won’t find anywhere else.

The Principal Application Security Engineer will play a formative role in InfoSec's growth in Product Security where we work with teams early in their process to provide secure design solutions and standards. You may provide in-depth pen testing, threat modeling, or code reviews. You will also assist and lead the evaluation and integration of DevSecOps tools and participate in InfoSec's on-call rotation.

As a foundational member on the team, you'll take on company wide engagement projects with opportunities across different tech stacks, driving remediation projects with other engineering leaders to resolve anti-patterns. You'll create and evolve the technical vision for scaling out the way application security is conducted across the company. You'll mentor and lead application security engineers as we grow the team and shape the future of application security and secure development at Roblox.

You Have:

  • 8+ years of relevant professional experience.

  • Expertise in breaking down security technical problems and solutions to engineering and non-engineering leadership.

  • Expertise in building relationships and influencing partner principal engineers across teams.

  • Experience with software and/or infrastructure architecture.

  • Experience defining secure architectures.

  • Proficiency in at least one programming language such as Python, Golang or C#, and you want to learn new languages and technologies.

  • Some experience with at least one scripting language (Bash, Lua, Python).

  • Knowledge of cryptography, PKI, TLS and practical implementation of the same.

  • Performed threat modeling.

  • Experience of common code and network vulnerability types, impacts, and remediations.

  • Experience with Secure Software Development Life Cycles. Knowledge of product security and integrations.

  • BA/BS degree in a relevant engineering field or equivalent practical experience.

  • Experience operationalizing and communicating security best practices within a large-scale Internet environment.

  • Familiarity with network and server hardware.

  • Knowledge of Linux and Windows operating systems and security.

You Might Have:

  • Experience with some compliance reporting, especially in PCI and ITGC. Familiarity with Privacy (GDPR, CA AB-375, and COPPA)

  • Relevant certifications, i.e. OWASP, CSSLP, CEH CISSP, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, etc.

  • Experience with AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practices.

  • Experience with network reconnaissance.

  • Experience with software and/or security architecture.

  • Experience with microservice architecture.

You Will:

  • Direct and assist Product Security guidance and process.

  • Define secure architectures

  • Lead organizational and company wide security initiatives to resolve deep-seated security anti-patterns

  • Create cross company relationships for accomplishing security goals

  • Empower cross org and team security fixes for Trust-by-Design security work, cross-functional engagements

  • Security Education and Training - preparation of materials and communication through diverse parts of the company. Contribution to security awareness programming.

  • Shape strategy and expansion of our automation of Application Security

  • Build and implement strategies and tools for scaling application and product security out

  • Design and implement the security framework into CI/CD.

  • Test application code with the OWASP Testing Methodology

You’ll Love:

  • Industry-leading compensation package

  • Excellent medical, dental, and vision coverage

  • A rewarding 401k program

  • Flexible vacation policy

  • Roflex - Flexible and supportive work policy

  • Roblox Admin badge for your avatar

  • At Roblox HQ:

    • Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks

    • Onsite fitness center and fitness program credit

    • Annual CalTrain Go Pass

Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.