Security Director, Engineering

<div class="content-intro"><h2 data-pm-slice="1 1 []">About Crunchyroll</h2> <p>Founded by fans, Crunchyroll delivers the art and culture of anime to a passionate community. We super-serve over 100 million anime and manga fans across 200+ countries and territories, and help them connect with the stories and characters they crave. Whether that experience is online or in-person, streaming video, theatrical, games, merchandise, events and more, it’s powered by the anime content we all love.</p> <p>Join our team, and help us shape the future of anime!</p></div><h2 data-pm-slice="1 1 []">About the role</h2> <p>Crunchyroll is growing and evolving, creating both new opportunities and new challenges as it protects millions of anime fans worldwide. We are looking for a security leader who wants to shape how engineering builds and operates securely at scale--while still shipping quickly and with high quality.</p> <p><strong>In this Principal-level, hands-on Security Director role, you will report to the SVP of Engineering. You will connect strategy to execution by turning security goals into secure-by-default systems and practices that teams actually use.</strong></p> <p>You will partner with engineering leaders and senior ICs to reduce friction, define priorities, and drive consistent follow-through, protecting our fans and our platform without sacrificing delivery velocity. Success will be through influence and enablement. You will also periodically build proof of concept solutions that make it easier for teams to adopt the right security patterns, such as reference implementations and tooling integrations.</p> <p>This position is based in Los Angeles, California.</p> <h3>Core Areas of Responsibility</h3> <p>In this role, you will be a force multiplier for engineering, setting the direction, building key parts, and ensuring follow-through so security becomes a durable part of how Crunchyroll ships. You will own the engineering-facing mechanisms that make security real in day-to-day delivery:</p> <ul> <li><strong>Security execution at scale:</strong> Drive adoption of required controls across engineering by establishing clear engineering playbooks, paved paths, and secure-by-default platform capabilities that can be consistently adopted across services, regardless of engineering domain.</li> <li><strong>Design-time security embedded in engineering workflows:</strong> Ensure threat modeling and security architecture considerations are built into how engineering designs and ships using approved patterns and reference architectures as the default starting point.</li> <li><strong>Practical requirements shaping:</strong> When requirements are infeasible or disproportionately costly, you'll drive early escalation and propose alternatives (sequencing, compensating controls, platform changes) so we maintain momentum without accepting unmanaged risk.</li> <li><strong>Cross-team alignment and escalation:</strong> Identify cross-domain architectural risks and drive resolution across teams, bringing the right stakeholders together and escalating when tradeoffs require executive judgment.</li> <li><strong>Vulnerability closure and systemic risk reduction:</strong> Run the operating rhythm across engineering for vulnerability intake, triage, ownership assignment, remediation planning, verification, and escalation. Ensure timely fixes and eliminate repeat issue classes through platform/tooling improvements.</li> <li><strong>Tooling integration and evidence readiness:</strong> Partner with engineering teams to integrate enterprise security tooling into CI/CD and production environments, and ensure engineering can reliably produce evidence of compliance in a low-friction, automated way.</li> <li><strong>Incident readiness and closure:</strong> Improve security incident preparedness in engineering (runbooks, exercises, detection hooks) and ensure post-incident actions translate into durable engineering improvements.</li> <li><strong>Partner with Global ... (truncated, view full listing at source)