Job Directory Roblox InfoSec Engineer - Application Security

InfoSec Engineer - Application Security Roblox
San Mateo, CA

Roblox is a provider of a 3D creation, publishing, and gameplay platform that empowers players to create 3D models and games.

Companies like Roblox
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About Roblox

Job Description


Roblox is ushering in the next generation of entertainment, allowing people to imagine, create, and play together in immersive, user-generated worlds. We're the one and only fastest-growing entertainment platform that lets anyone teach themselves how to code, publish, and monetize any experience imaginable-across any device-reaching millions of players across the globe.

The impact that you can have at Roblox is powerful. We're looking for someone who's eager to take on a meaningful role in the success of Roblox on a massive scale. Someone who takes play seriously and strives for joy in their work. Someone who's ready to take Roblox-and their career-to the next level.

In 2018, we were honored to be recognized as a Certified Great Place to Work®. We've fostered a company culture that empowers people to do the most defining work of their career in an environment where you'll join forces with the most passionate, team-oriented, visionary, crazy-smart people you'll ever meet. At Roblox, play rules and the possibilities are endless.

Infosec has critical responsibilities at Roblox: Engineering and designing secure systems from inception to operationalization; setting policies and process; training peer engineering teams in secure methods and ways. The Application Security engineer specifically will be contributing to threat modeling and pen testing; vulnerability management including Bug Bounty program; Red Team/Purple Team. This role will also have involvement in our compliance response for PCI, privacy, etc. for software design and requirements, as well as with how we define and articulate security risk in the AppSec space. Finally, the AppSec function will have major responsibilities in creating solutions for InfoSec program domains - partnering with our peer teams on requirements and driving build-or-buy

As an early InfoSec Engineer, you will have the opportunity to be an innovator and foundational member on the InfoSec team at Roblox. We are looking for smart people who work well with others and who want to apply their passion for protecting communities to grow a leading-edge security program. Come join us in building the best trusted all-ages gaming and exchange platform.


* Application security vulnerability management
* Identifying vulnerabilities and breaking into systems
* Reverse engineering
* IDA Pro
* Exploiting and developing shellcode
* Game hacks: Memory injection
* VMProtect
* Creating and operating security tooling and scripting
* Penetration Testing
* Threat Modeling
* Red Team engagements
* Security Education and Training - preparation of materials and communication through diverse parts of the org. Contribution to security awareness programming.


* Significant development experience with proficiency in at least one language such as C#/.Net, C++, Java, Python, or Lua
* BA/BS degree in a relevant engineering field or equivalent practical experience
* Self-organized and comfortable working in a fast-paced environment
* Experience operationalizing and describing security best practices within a large-scale Internet environment
* Experience with a variety of programming languages, with proficiency in at least one, and knowledge of design patterns
* Knowledge of cryptography, PKI, TLS as well as practical implementation of the same
* Familiarity with network and server hardware
* Familiarity with various operating systems
* Level depending on experience

Nice To Have

* Experience with *nix systems and shells, daemons, and processes
* Experience with containers (Docker, Windows Server), and specifically container security
* Experience with AWS security (IAM, EC2, VPC, S3, etc..) and cloud best practices
* Experience with Hashistack and/or Kubernetes
* Experience with some compliance reporting, especially in PCI and ITGC. Familiarity with Privacy (GDPR, CA AB-375, and COPPA) a plus
* Relevant certifications, i.e. OWASP, CSSLP, CEH CISSP, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, etc.

You'll Love:

* Excellent medical, dental, and vision coverage
* A rewarding 401k program
* Flexible vacation policy
* Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
* Onsite fitness center and fitness program credit
* Annual CalTrain Go Pass
* A Roblox Admin badge for your avatar

Roblox - Powering Imagination



About Roblox

Roblox is a provider of a 3D creation, publishing, and gameplay platform that empowers players to create 3D models and games.

1000 employees

970 park place

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.