• Location
    • San Mateo, CA
  • Date Posted
  • May. 24, 2021
  • Function
  • IT
  • Sector
  • Entertainment

Roblox is ushering in the next generation of entertainment, allowing people to imagine, create, and play together in immersive, user-generated worlds. We’re the one and only fastest-growing entertainment platform that lets anyone teach themselves how to code, publish, and monetize any experience imaginable—across any device—reaching millions of players across the globe.

The impact that you can have at Roblox is powerful. We’re looking for someone who’s eager to take on a meaningful role in the success of Roblox on a massive scale. Someone who takes play seriously and strives for joy in their work. Someone who’s ready to take Roblox—and their career—to the next level.

In 2018, we were honored to be recognized as a Certified Great Place to Work®. We’ve fostered a company culture that empowers people to do the most defining work of their career in an environment where you’ll join forces with the most passionate, team-oriented, visionary, crazy-smart people you’ll ever meet. At Roblox, play rules and the possibilities are endless.

InfoSec has critical responsibilities at Roblox: We partner to engineer and design secure systems from inception to operationalization; we set policies and processes; we train peer engineering teams in secure methods and ways.  The Security Engineering Lead will have a key role in developing InfoSec’s capability to build and prototype solutions with partner engineering teams, as well as operate core InfoSec infrastructure.

People managers in the Information Security org will have:

  • - a deep understanding of technology and security that can fast-track great solutions and inspire respect;
  • - a human-centered approach to managing and leading; and
  • - ability to guide conversations and broker good decisions cross-functionally with managers/leaders through the company. Excellent communication skills, as well as the ability to draw a picture of future vision and the steps to get there, are also highly valued
  • As an early InfoSec leader, you will have the opportunity to be an innovator and foundational member on the InfoSec team at Roblox who can help instill our values and set the bar for excellence, defining the group — and the company — for years to come.  We are looking for smart people who work well with others who want to apply their passion for protecting communities to grow a leading-edge security program.  Come join us in building the best trusted all-ages gaming and exchange platform.  In doing so, we provide

Responsibilities

  • Development of a new Security Engineering pod
  • Engineering and operation of critical security infrastructure, such as
  • Security logging and Alerting systems
  • SSL automation
  • Internal consumer portal
  • Dashboarding
  • Secure libraries and frameworks, esp for roles and groups auditing/parign and fine-grained data access.
  • Understanding of core network security goals
  • Understanding of Security IR and dependence on good security monitoring and alerting
  • Potential participation in general InfoSec IR
  • Contribute and communicate practical risk analysis for prioritizations, both for roadmap and emergent issues.
  • Security Education and Training - preparation of materials and communication through diverse parts of the org. Contribution to security awareness programming.
  • Metrics development
  • Security program development

Requirements

  • BA/BS degree in a relevant engineering field or equivalent practical experience
  • Self-organized and comfortable working in a fast-paced environment.
  • Experience supporting security best practices within a large scale Internet environment.
  • Working knowledge of two or more scripting/programming languages.  Proficiency in at least one scripting language like Python, shell, or Lua
  • Knowledge of cryptography, PKI, TLS as well as practical implementation of the same
  • Experience with networking and network security principles.
  • Experience with various operating systems.
  • Experience with AWS and cloud best practices
  • Experience with containers (Docker, Windows Server)
  • Level Depending On Experience

Nice To Have

  • Experience with Hashistack
  • Experience with Kubernetes
  • Experience with some compliance reporting, esp. In PCI and/or ITGC.
  • Familiarity with Privacy (GDPR, CA AB-375) and COPPA
  • Relevant certifications, i.e. CISSP, CEH, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, OWASP, CSSLP, etc.