Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
As a Senior Application Security Engineer, you will be a foundational member on the Information Security (InfoSec) team at Roblox. You'll take on ownership of engagement projects with opportunities across several tech stacks, striving to discover gaps and ensure secure designs and mitigations. You'll take on projects for automating and scaling out the way application security is conducted across the company. Finally, you will define how we establish and grow our partnerships with Roblox engineering organizations.
- Report to the Senior Engineering Manager of Application Security
- Direct and assist Product Security guidance and process
- Contribute to the ramp-up of Trust-by-Design security work
- Work on Bug Bounty issues
- Contribute to security awareness and training
- Write secure libraries or code patches - especially scale secure code practices or prototype examples
- Design and implement the security framework into CI/CD.
- Test application code with the OWASP Testing Methodology
- 4+ years of experience working as an application security engineer
- Working knowledge in C#/.Net, C++, Golang, or Rust with proficiency in at least one
- Experience with at least one scripting language (Bash, Lua, Python)
- Knowledge of cryptography, PKI, TLS and practical implementation of the same
- Experience creating or performing threat modeling
- Experience of common code and network vulnerability types, impacts, and remediations
- Experience with Software Development Life Cycles, with knowledge of how product security may integrate with it
- BA/BS degree in a relevant engineering field or equivalent practical experience
- Experience operationalizing and communicating security best practices within a large-scale Internet environment
- Familiarity with network and server hardware
- Knowledge of Linux and Windows operating systems and security
- Experience with *nix systems and shells, daemons, and processes
- Experience with microservice architecture
- Collaborative: You love working with your direct team and cross-functional partners
For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits.
Annual Salary Range
- Industry-leading compensation package
- Excellent medical, dental, and vision coverage
- A rewarding 401k program
- Flexible vacation policy
- Roflex - Flexible and supportive work policy
- Roblox Admin badge for your avatar
- At Roblox HQ:
- Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
- Onsite fitness center and fitness program credit
- Annual CalTrain Go Pass
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.