Principal Detection and Response Engineer

About the role:

As a Principal Security Engineer on the Detection and Response (D&R) team at Roblox youll play a key role designing and developing effective custom security data pipeline systems detection strategies and automations for response workflows to defend our critical assets from threat actors. You will also lead real-time incident response actively investigate events and analyze threat actor techniques to prioritize emerging threats to ensure Roblox is equipped to mitigate and react to critical challenges. You will play a vital part to ensure the safety of our community and enterprise by proactively fostering a high-performing inclusive security culture. This is a hybrid in-office role.

You Will:

• Be a D&R authority! You will deliver robust detection & response capabilities: build new threat detection systems (keeping false positives low) while also automating processes with scripts playbooks and orchestration tooling.
• Implement ETL pipelines: Design and develop customized data processing pipelines.
• Conduct security operations: Actively monitor security events and participate in on-call rotations to lead real-time incident response to contain and mitigate potential security issues.
• Build positive relationships: Collaborate with internal teams like InfoSec Engineering Product and Safety to design scalable solutions.
• Help grow the D&R team: Guide and support junior engineer careers and contribute to hiring.

You Have:

• 8 years of experience in Detection and/or Response: with a passion for security engineering threat detection threat hunting and incident management.
• 4 years of Security Data Engineering experience with streaming pipelines: Youve built production grade ETL data processing pipelines end to end using Kafka / PubSub Spark / Flink Athena / BigQuery or similar.
• Software Development (SWE): Mastery building efficient reliable CI/CD deployed scalable systems using programming languages like C Golang or Java.
• Engineering experience with SIEM EDR NDR and SOAR technologies: You have on-boarded logs in your sleep and built custom detections/automations for complex environments.
• Conducted incident response: Structured mature incident response processes are your vocabulary to swiftly resolve security incidents. Afterwards you use evidence and data to tell the story and ensure action items are meticulous and complete.
• Familiarity across multiple domains: Deep understanding of network protocols operating systems cloud environments virtualized hosts containers in order to identify potential threats to each.
• Core security skills: Analytical thinking crisis management root cause analysis and problem-solving with a meticulous approach to identifying investigating and responding to incidents.

Required Experience:

Staff IC