Senior Security Operations Engineer, Incident Response

<div class="content-intro"><p><span style="font-weight: 400;">Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators. </span></p> <p><span style="font-weight: 400;">At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device.</span><strong> </strong><span style="font-weight: 400;">We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. </span></p> <p><span style="font-weight: 400;">A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.</span></p></div><p>As a Senior member of the Security Operations team, you will serve as the Incident Response Program Lead at Roblox headquarters. In this pivotal role, you will hold the ultimate responsibility for building, improving, and scaling our SIRT capabilities across people, process, and technology. You will be the architect of our response maturity, moving us beyond ad-hoc firefighting into a structured, highly orchestrated operation. While you will still be hands-on during events, your primary focus will be force multiplying: ensuring that our alert pipeline, response procedures, tooling and capabilities integrate deeply with the rest of the company. You will work directly with leadership to influence the roadmap for the Security Incident Response Team, operate cohesively with SOC operations and ensure our team is equipped to protect Roblox’s platform, developers, and millions of users.</p> <h3>You will:</h3> <ul> <li>Lead the SIRT Program: Own the strategy and execution of the Incident Response program. Define success metrics, identify maturity gaps, and drive projects that scale our capabilities (People, Process, Technology).</li> <li>Command Security Incidents: Serve as an Incident Commander for high-severity events, ensuring threats are mitigated with speed and professionalism.</li> <li>Build Scale Process: Create and maintain the "source of truth" for response—developing comprehensive runbooks, Incident Response Plans (IRPs), and workflows that standardize excellence across the team.</li> <li>Drive Automation Technology: Be a driving force in SOAR and response tooling. Identify manual toil and ruthlessly automate it to free up time for high-value hunting.</li> <li>IR Mentorship Training: Elevate the skills of the broader team. Design tabletop exercises, conduct post-incident reviews (blameless post-mortems), and ensure lessons learned are fed back into the program.</li> <li>Collaborate Cross-Functionally: Become best friends with Legal, Privacy, Comms, HR and Engineering teams to ensure our incident response processes are legally sound and technically integrated.</li> <li>Threat Hunt: Lead and participate in proactive threat hunting initiatives, using intelligence to hypothesis-test our environment against advanced adversaries.</li> </ul> <h3>You have:</h3> <ul> <li>Experience: 8+ years of experience across Infosec, IT, Infra/SRE, and/or Incident Response.</li> <li>Specialization: 5+ years of experience specifically in Security Incident Response roles.</li> <li>Program Building: Demonstrated experience not just <em>running</em> incidents, but <em>building</em> the program capabilities that support them. You have created IRPs, defined and maintained severity matrices, and influenced IR policy to meet the latest and best standards. </li> <li>Incident Command: Proven ability to exist in and manage chaos. You have led enterprise-wide incidents and can confidently brief executive leadership during crises.</li> <li>Technical Proficiency: Deep h ... (truncated, view full listing at source)