InfoSec Engineer - SecOps & Vulnerability Management
San Mateo, CA
The impact that you can have at Roblox is powerful. We’re looking for someone who’s eager to take on a meaningful role in the success of Roblox on a massive scale. Someone who takes play seriously, but also isn’t afraid to have some fun either. Someone who’s ready to take Roblox—and their career—to the next level.
Infosec has critical responsibilities at Roblox: Engineering and designing secure systems from inception to operationalization; establishing policies and process; training peer engineering teams in secure methods. The InfoSec Engineer will have a critical role in driving consistency and excellence in our Vulnerability Management Program. You’ll work closely with infrastructure leads on creating plans, identifying bottlenecks, and helping propose engineering solutions and mitigations that further scalability. You’ll also help drive automation of operational processes and tools the InfoSec team needs to amplify the time and effort of the team - being experienced with metrics reporting would be highly valued. Finally, you’ll play a pivotal role in cohering security program consistency and vendor management for the InfoSec team.
As an early InfoSec Engineer, you will have the opportunity to be an innovator and foundational member on the InfoSec team at Roblox. We are looking for smart people who work well with others who want to apply their passion for protecting communities to grow a leading-edge security program. Come join us in building the best trusted all-ages gaming and exchange platform.
- Vulnerability management program development.
- Creating and operating security tooling and scripting.
- Contribute and communicate practical risk analysis for prioritization.
- Prototype and partner for engineering solutions to security risk issues.
- Scalable metrics reporting
- Security program management
- Tools evaluation (vendor, OSS, or internal development) and vendor management
- Security Education and Training - preparation of materials and communication through diverse parts of the org. Contribution to security awareness programming.
- InfoSec on-call rotation
- BA/BS degree in a relevant engineering field or equivalent practical experience
- Self-organized and comfortable working in a fast-paced environment.
- Experience supporting security best practices within a large scale Internet environment, including monitoring infrastructure.
- Experience with network and server hardware, especially SDN.
- Experience with various operating systems security - Linux, OSX, Windows, *nix systems and shells, daemons, and processes
- Experience with AWS security (IAM, EC2, VPC, S3, etc..) and cloud best practices
- Experience with containers (Docker, Windows Server), and specifically container security
- Knowledge of cryptography, PKI, TLS as well as practical implementation of the same
- Experience with one or more scripting/programming languages. Proficiency in at least one scripting language like Python, shell, or Lua.
- Experience with some compliance reporting, esp. In PCI and/or ITGC.
- Level Depending On Experience
Nice To Have
- Experience with Hashistack
- Experience with Kubernetes
- Programming and/or scripting proficiency
- Familiarity with Privacy (GDPR, CA AB-375) and COPPA
- Relevant certifications, i.e. CISSP, CEH, GSEC, GIAC, CISM, Stanford Advanced Security Certificate Program, OWASP, CSSLP, etc.
- Excellent medical, dental, and vision coverage
- A rewarding 401k program
- Flexible vacation policy
- Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
- Onsite fitness center and fitness program credit
- Annual CalTrain Go Pass
- A Roblox Admin badge for your avatar
Roblox – Powering Imagination.