Senior Application Security Engineer
San Mateo, CA
Roblox
Roblox is the ultimate virtual universe that lets you create, share experiences with friends, and be anything you can imagine. Join millions of people and discover an infinite variety of immersive experiences created by a global community!Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
The Application Security Engineer will play a formative role in InfoSec's growth in Product Security where we work with teams early in their process to provide secure design solutions, standards, and guidelines. You may provide in-depth pen testing, threat modeling, or code reviews. You will also assist and lead the evaluation and integration of DevSecOps tools and participate in InfoSec's on-call rotation.
As a foundational member on the team. You will take on ownership of engagement projects with opportunities across different tech stacks, strive to discover gaps, and enable secure designs and mitigations. You'll take on projects for automating and scaling out the way application security is conducted across the company. Finally, you will define how we establish and grow our partnerships with other Roblox engineering organizations.
You Have:
- 4+ years of relevant professional experience.
- Experience writing and maintaining: code in at least one programming language such as Python, Golang or C#, and you want to learn new languages and technologies.
- Some experience with at least one scripting language (Bash, Lua, Python).
- Knowledge of cryptography, PKI, TLS and practical implementation of the same.
- Performed threat modeling.
- Experience of common code and network vulnerability types, impacts, and remediations.
- Experience with Secure Software Development Life Cycles. Knowledge of how product security and integrations.
- BA/BS degree in a relevant engineering field or equivalent practical experience.
- Experience operationalizing and communicating security best practices within a large-scale Internet environment.
- Familiarity with network and server hardware.
- Knowledge of Linux and Windows operating systems and security.
You Might Have:
- Experience with some compliance reporting, especially in PCI and ITGC. Familiarity with Privacy (GDPR, CA AB-375, and COPPA)
- Relevant certifications, i.e. OWASP, CSSLP, CEH CISSP, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, etc.
- Experience with AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practices.
- Experience with network reconnaissance.
- Experience with software and/or security architecture.
- Experience with microservice architecture.
You will:
- Direct and assist Product Security guidance and process.
- Contribute to the ramp-up of Trust-by-Design security work, cross-functional engagements.
- Assist in Bug Bounty evaluation, and recommendations.
- Security Education and Training - preparation of materials and communication through diverse parts of the company. Contribution to security awareness programming.
- Perform Penetration Tests.
- Build automation tools to promote secure practices.
- Write secure libraries or code patches - especially scale secure code practices or prototype examples
- Design and implement the security framework into CI/CD.
- Test application code with the OWASP Testing Methodology
You’ll Love:
- Industry-leading compensation package
- Excellent medical, dental, and vision coverage
- A rewarding 401k program
- Flexible vacation policy
- Roflex - Flexible and supportive work policy
- Roblox Admin badge for your avatar
- At Roblox HQ:
- Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
- Onsite fitness center and fitness program credit
- Annual CalTrain Go Pass
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Tags: Application security Automation AWS Bash C CEH CI/CD CISM CISSP Cloud Compliance Cryptography DevSecOps EC2 GDPR GIAC Golang GSEC IAM Linux Lua OWASP Pentesting PKI Privacy Product security Python S3 Scripting TLS Windows
Perks/benefits: 401(k) matching Career development Equity Flex hours Flex vacation Health care Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs