Senior Security Operations Engineer
Job Summary
Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences, all created by our global community of developers and creators.
At Roblox, we're building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world and on any device. We're on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you'll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
As a founding member of the Security Operations team in EMEA, you will be joining us at an exciting time in Roblox's SIRT & SOC program. This is a highly autonomous role where you will be a primary decision-maker, core to our mission to maintain a highly capable 24/7/365 monitoring and response capability.
While you will work in close collaboration with peers at our US West Coast Headquarters, the nature of the time difference requires a leader who can operate independently, making critical decisions without immediate oversight. You will help scale our ability to monitor and protect players, developers, employees, and the platform globally. We favor automation, orchestration, and risk-based prioritization while retaining the deep technical skills required to conduct detailed, hands-on analysis and response when the situation warrants.
Work Environment: This role is based in London, UK. You will be working from a dedicated private space located within a shared office environment, designed to enable collaboration while remaining secure.
You will:
- Exercise High Autonomy: Act as the primary Incident Commander for the European time zone, making critical, time-sensitive decisions independently before US HQ comes online. You will serve as the senior-most security operations point of contact in the region.
- Command Security Incidents: Ensure serious threats and impacts are understood, mitigated, and learned from with speed and professionalism, often leading responses end-to-end without immediate escalation paths during local hours.
- Drive Strategy & Operations: Go beyond individual contribution to shape the strategic direction of the SIRT/SOC function, specifically identifying how global hand-offs and follow-the-sun models can be optimized.
- Conduct Advanced Investigations: Dig into complex context, determining if threats exist and taking decisive action to prevent them.
- Collaborate Cross-Functionally: Work with Legal, HR, Executive teams, and external partners (Developers & Customers). You will also travel semi-regularly to the USA to visit HQ, ensuring deep alignment with central engineering and security leadership.
- Lead High-Profile Responses: Collaborate with Security and Engineering to lead responses to major vulnerabilities or platform-wide events.
- Build & Automate: Produce and refine security response procedures (runbooks, IRPs, workflows) with a focus on automation to reduce manual toil.
- Threat Hunt: Proactively hunt for anomalous activity in our signals, distinguishing between outliers and threats.
You have:
- Experience: 10 years of experience across Infosec, IT, Infra/SRE, and/or Incident Response.
- Specialization: 7 years of experience specifically in Detection or Response (& Incident Response) roles.
- Autonomous Leadership: Proven ability to work independently in satellite offices or distributed teams. You are comfortable being the person in charge during your shift and making calls that impact the business.
- Incident Command: Extensive experience operating as an incident commander. You can flex into deep engineering work but also possess the executive presence to coordinate responders and communicate status to leadership.
- Investigations: Expert-level capability in investigating threats in enterprise and production environments, taking ownership from identification to resolution.
- Knowledge/Tools/Techniques: Deep understanding of security tools (SIEM, EDR, IDS/IPS, NDS, SOAR). You are proficient in applying Incident Response frameworks (NIST IR Lifecycle, Cyber Kill Chain, MITRE ATT&CK) to real-world scenarios. Collaborate effectively with engineering colleagues, leveraging extensive expertise across various infrastructure and technologies (Public Cloud, OS, Virtualization, Containerization, Networking, Build/Development infrastructure, and Hardware).
- Education: Bachelor's degree in Computer Science, Cybersecurity, or a related technical field; advanced degree preferred, or equivalent experience.
You are:
- A Strategic Self-Starter: You don't wait for instructions. You identify gaps in coverage, especially those unique to regional or time-zone specific challenges, and fix them.
- Detailed Thinker: You enjoy exploring the details and considering the second and third-order effects of your decisions.
- Eager Problem Solver: You are drawn to complex issues rather than avoidant of them.
- Emboldened to Make Change: You instinctively ask what you can do to improve the situation rather than waiting to be prompted.
- Compelled by our Mission: You are driven by the opportunity to protect our community and the safe space we've created.
- A Calculated Risk Taker: You move fast, navigating reasonable risks to take action and build capabilities as quickly as possible.
Required Experience:
Senior IC
About Company
Roblox is the ultimate virtual universe that lets you create, share experiences with friends, and be anything you can imagine. Join millions of people and discover an infinite variety of immersive experiences created by a global community!