As a Senior Application Security Engineer, you will be a foundational member on the InfoSec team at Roblox. You'll be taking on ownership of engagement projects with opportunities across various tech stacks, striving to discover gaps and enable secure designs and mitigations. You'll have the opportunity to take on projects for automating and scaling out the way application security is conducted across the company. Finally, you'll be able to define how we establish, grow, and expand our partnerships with critical Roblox engineering organizations. This is a hybrid in-office role and you will report directly to the Senior Engineering Manager leading our Application Security team.

You will:

• Direct and assist Product Security guidance and process
• Contribute to the ramp-up of Trust-by-Design security work, cross-functional engagements
• Conduct Bug Bounty issue evaluation, reproduction, and recommendations
• Help develop and deliver Security Education and Training - prepare materials and communication through diverse parts of the organization.
• Contribute to security awareness programming.
• Perform penetration test planning and execution
• Automate tools and processes
• Write secure libraries or code patches where appropriate - especially scale secure code practices or prototype examples
• Develop and maintain CI/CD secure tooling and other security tools support
• Test application code with the OWASP Testing Methodology

You have:

• 4+ years of relevant professional experience
• Experience writing and maintaining code in at least one programming language such as Python, Golang or C#, and you want to learn new languages and technologies.
• Experience with at least one scripting language (Bash, Lua, Python).
• Applied knowledge of cryptography, PKI, TLS and practical implementation of the same.
• Performed threat modeling.
• Experience of common code and network vulnerability types, impacts, and remediations.
• Experience with Secure Software Development Life Cycles.
• Knowledge of product security and integrations.
• BA/BS degree in a relevant engineering field or equivalent practical experience.
• Experience operationalizing and communicating security best practices within a large-scale Internet environment.
• Familiarity with network and server hardware.
• Knowledge of Linux and Windows operating systems and security.
• Experience with network reconnaissance (Bonus)
• Experience with micro-service architecture.(Bonus)
• Experience with software and/or security architecture (Bonus)
• Experience with AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practice (Bonus)

You are:

• Team-oriented: a collaborative team player who enjoys working with others.
• Passionate about security: You have experience with security principles and understand the value they provide the organization
• Always taking the long view: You prioritize making changes that have long-term impact, as opposed to focusing on short-term wins.