Security at Roblox is responsible for engineering and designing secure systems from inception through production, defining security standards and processes, and enabling product and infrastructure teams to build securely by default. The Application Security (AppSec) team works closely with engineering partners early in the design and development lifecycle to provide secure architectures, standards, and scalable solutions.
As a Senior Security Software Engineer in Application Security, you will be a hands-on security engineer who designs, builds, and ships security solutions. This is a hybrid in-office role, and you will report to the Senior Manager leading our Application Security team, responsible for Secure Software Development Lifecycle at Roblox.
In this role, you will help define how application security scales at Roblox through automation, secure libraries, CI/CD integrations, and reusable patterns, while also contributing to deep-dive reviews such as threat modeling, code review, and penetration testing. Members of the AppSec team also participate in the AppSec on-call rotation and tooling evaluations.
You will:
- Design, build, and maintain internal application security tooling, services, and libraries
- Write production-quality code to enable secure-by-default patterns and abstractions
- Automate security workflows and integrate controls into CI/CD pipelines
- Partner closely with product and platform engineers to embed security early in system design
- Reproduce, assess, and drive remediation for vulnerability and bug bounty reports
- Develop secure reference implementations and reusable code examples
- Contribute to deep-dive security reviews, including threat modeling and penetration testing
- Support and improve security tooling and processes at scale
- Participate in the AppSec on-call rotation and incident response as needed
You have:
- 5 years of relevant professional experience
- Proficiency in at least one programming language such as C#/.NET, C, JavaScript, Go, or Rust
- Experience in software or security architecture, including designing secure systems and services
- Experience with at least one scripting language such as Python, Bash, or Lua
- Knowledge of cryptography, PKI, and TLS, including practical implementation
- Familiarity with secure design reviews and threat modeling
- Strong understanding of common application and network vulnerability classes, their impact, and remediation strategies
- Background in integrating security into the Software Development Lifecycle (SDLC)
- Experience owning projects end-to-end in a fast-paced, ambiguous environment
- Ability to clearly communicate security concepts to engineering and product partners
- Knowledge of Linux and Windows operating systems and security fundamentals
Nice to have:
- Experience working in microservice or distributed system environments
- Relevant certifications such as OWASP, CSSLP, CISSP, GIAC GSEC, or CISM
Required Experience:
Senior IC