Sr. AppSec Product Security Engineer
3 years ago
WHY ROBLOX?
Roblox is ushering in the next generation of entertainment, allowing people to imagine, create, and play together in immersive, user-generated worlds. We’re the one and only fastest-growing entertainment platform that lets anyone teach themselves how to code, publish, and monetize any experience imaginable—across any device—reaching millions of players across the globe.
The impact that you can have at Roblox is powerful. We’re looking for someone who’s eager to take on a meaningful role in the success of Roblox on a massive scale. Someone who takes play seriously and strives for joy in their work. Someone who’s ready to take Roblox—and their career—to the next level.
In 2018, we were honored to be recognized as a Certified Great Place to Work®. We’ve fostered a company culture that empowers people to do the most defining work of their career in an environment where you’ll join forces with the most passionate, team-oriented, visionary, crazy-smart people you’ll ever meet. At Roblox, play rules and the possibilities are endless.
Infosec has critical responsibilities at Roblox: Engineering and designing secure systems from inception to operationalization; setting policies and process; training peer engineering teams in secure methods and ways. The AppSec Product Security Engineer will play a formative role in InfoSec’s growth in Product Security where we work with teams early in their process to provide secure design solutions and guidelines. The AppSec Product Security Engineer may also provide in-depth pen testing, threat modeling, or code reviews. AppSec members also assist with eval and integration of CI/CD tools and participate in InfoSec’s on-call rotation.
As an early InfoSec Engineer, you will have the opportunity to be an innovator and foundational member on the InfoSec team at Roblox. We are looking for smart people who work well with others who want to apply their passion for protecting communities to grow a leading-edge security program. Come join us in building the best trusted all-ages gaming and exchange platform.
Responsibilities
- Test application code with the OWASP Testing Methodology
- Bug Bounty issue evaluation and recommendations
- Assist with Product Security guidance and process
- Assist with CI/CD and other security tools support
- Security Education and Training - preparation of materials and communication through diverse parts of the org. Contribution to security awareness programming.
- InfoSec On-Call Rotation
Requirements
- Working knowledge in C#/.NET, C++, JavaScript, with proficiency in at least one
- Knowledge of cryptography, PKI, TLS as well as practical implementation of the same
- Experience with Software Development Life Cycles, with knowledge of how product security may integrate with it
- BA/BS degree in a relevant engineering field or equivalent practical experience
- Self-organized and comfortable working in a fast-paced environment
- Experience operationalizing and communicating security best practices within a large-scale Internet environment
- Familiarity with network and server hardware
- Good knowledge of Linux and Windows operating systems and security
- Experience with *nix systems and shells, daemons, and processes
- Experience with AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practices
- Level Depending On Experience
Nice To Have
- Common Criteria
- Familiarity with OWASP testing methodology
- Working knowledge in Java, Python or Lua
- Experience with databases
- Experience with containers (Docker, Windows Server), and specifically container security
- Experience with Hashistack and/or Kubernetes
- Experience with some compliance reporting, especially in PCI and ITGC. Familiarity with Privacy (GDPR, CA AB-375, and COPPA) a plus
- Relevant certifications, e.g. OWASP, CSSLP, CEH, CISSP, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, etc.