Senior Security Software Engineer, Application Security

<div class="content-intro"><p><span style="font-weight: 400;">Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators. </span></p> <p><span style="font-weight: 400;">At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device.</span><strong> </strong><span style="font-weight: 400;">We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. </span></p> <p><span style="font-weight: 400;">A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.</span></p></div><p>Security at Roblox is responsible for engineering and designing secure systems from inception through production, defining security standards and processes, and enabling product and infrastructure teams to build securely by default. The Application Security (AppSec) team works closely with engineering partners early in the design and development lifecycle to provide secure architectures, standards, and scalable solutions.</p> <p>As a Senior Security Software Engineer in Application Security, you will be a hands-on security engineer who designs, builds, and ships security solutions. This is a hybrid in-office role and you will report to the Senior Manager leading our Application Security team responsible for Secure Software Development Lifecycle at Roblox.</p> <p>In this role, you will help define how application security scales at Roblox through automation, secure libraries, CI/CD integrations, and reusable patterns, while also contributing to deep-dive reviews such as threat modeling, code review, and penetration testing. Members of the AppSec team also participate in the AppSec on-call rotation and tooling evaluations.</p> <p><strong>You will:</strong></p> <ul> <li>Design, build, and maintain internal application security tooling, services, and libraries</li> <li>Write production-quality code to enable secure-by-default patterns and abstractions</li> <li>Automate security workflows and integrate controls into CI/CD pipelines</li> <li>Partner closely with product and platform engineers to embed security early in system design</li> <li>Reproduce, assess, and drive remediation for vulnerability and bug bounty reports</li> <li>Develop secure reference implementations and reusable code examples</li> <li>Contribute to deep-dive security reviews, including threat modeling and penetration testing</li> <li>Support and improve security tooling and processes at scale</li> <li>Participate in the AppSec on-call rotation and incident response as needed</li> </ul> <p><strong>You have:</strong></p> <ul> <li>5+ years of relevant professional experience</li> <li>Proficiency in at least one programming language such as C#/.NET, C++, JavaScript, Go, or Rust</li> <li>Experience in software or security architecture, including designing secure systems and services</li> <li>Experience with at least one scripting language such as Python, Bash, or Lua</li> <li>Knowledge in cryptography, PKI, and TLS, including practical implementation</li> <li>Familiarity with secure design reviews and threat modeling</li> <li>Strong understanding of common application and network vulnerability classes, their impact, and remediation strategies</li> <li>Background in integrating security into the Software Development Lifecycle (SDLC)</li> <li>Owned projects end-to-end in a fast-paced, ambiguous environment</li> <li>Ability to clearly communicate security concepts to engineering and product partners</li> <li>Knowledge in Linux and Windows operating systems and security fundament ... (truncated, view full listing at source)