Senior/Principal software Engineer - Vulnerability Research
San Mateo, CA, United States
Roblox
Roblox is an immersive platform for communication and connection. Join millions of people and discover an infinite variety of immersive experiences created by a global community.Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
The Engine Security team focuses on solving complex engineering challenges to protect Roblox Engine from potential malicious users and attackers. As a Software Engineer specializing in Vulnerability Research within the Engine Security team, your role will encompass several key responsibilities:
You Will:
- Report directly into the Engineering Manager
- Research and identify dangerous vulnerabilities in Roblox engine software architecture (C++/Lua)
- Develop new tools to automate vulnerability discovery and configure/utilize existing ones for static code analysis and fuzzing
- Review code and system designs manually or in a more freestyle approach, using your security knowledge and experience to improve security
- Communicate, document, prioritize, and actively drive the mitigation of security issues
- Collaborate with Roblox engineering and information security teams to help mitigate flaws in software and systems
- Debug security issues
- Research, design, and apply advanced techniques for building secure systems
- Contribute to the establishment of a vulnerability management program, the development of secure development guidelines, and the implementation of a security review process
You Have:
- Threat Modeling: You will actively contribute to threat modeling efforts, enhancing our understanding of potential vulnerabilities
- Vulnerability Research: You will conduct research using security testing tools and a more manual approach
- Vulnerability Management: You will review on vulnerabilities, prioritize them based on impact and apply mitigation mechanisms to effectively manage them
- Issue Debugging: You will resolve issues, including engine security bugs reported through our Bug Bounty program
You will have a unique opportunity to work with some of the industry's most security software engineers within our expanding Engine team.
- Proficiency: You're a software engineer with substantial experience in C++.
- Security Expertise: You have more than 5 years of in-depth technical knowledge of common security vulnerabilities and risks.
- Technical Understanding: You have a grasp of C++ memory vulnerabilities, Linux local privilege escalation, and container escapes.
- Threat awareness: You have expertise in application threat modeling, vulnerability research, risk assessment, and security testing.
- Mitigation strategies: You are experienced in developing strategies to mitigate software and system vulnerabilities.
- Engine/platform focus: You are enthusiastic about developing security mechanisms from scratch to protect a game engine or a similar platform, and you are comfortable developing cross-platform code.
Roles that are based in our San Mateo, CA Headquarters are in-office Tuesday, Wednesday, and Thursday, with optional in-office on Monday and Friday (unless otherwise noted).
You’ll Love:
- Industry-leading compensation package
- Excellent medical, dental, and vision coverage
- A rewarding 401k program
- Flexible vacation policy
- Roflex - Flexible and supportive work policy
- Roblox Admin badge for your avatar
- At Roblox HQ:
- Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
- Onsite fitness center and fitness program credit
- Annual CalTrain Go Pass
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Tags: C Code analysis Linux Lua Risk assessment Vulnerabilities Vulnerability management
Perks/benefits: Career development Equity Flex hours Flex vacation Health care Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs