Senior Information Security Software Engineer
ROBLOX – The Imagination Platform.
Effectively defending the Roblox company and community requires the ability to respond rapidly and flexibly, both to potential threats and to real attacks. As we continue to see exponential user growth, top-notch security and protection becomes increasingly more pertinent.
Our InfoSec Team must respond flexibly by developing, correlating, analyzing, and prioritizing up-to-the-minute threat intelligence and dynamically configuring defenses in response to emerging threats. This is key to minimizing damage due to minor intrusions early in the kill chain and requires the ability to rapidly analyze attacks, develop indicators of compromise on-the-fly, and lead rapid coordinated mitigation efforts.
We're seeking a Security Engineer for our InfoSec team building world-class operational, infrastructure, application, and incident response security toolsets in order to protect critical assets and the Roblox community. You have a holistic understanding of the modern cyber security landscape with a strong background in intelligence gathering, incident response, application security, process documentation, and offensive security (red team). You will assist a team of accomplished Engineers and Analysts and will be looked upon as a technical lead to contribute at a highly productive and efficient level in a high-paced environment.
- Analyze and respond to information cyber security with the mission of protecting Roblox and it’s community from internet attacks/threat actors.
- Be a technical leader for the Cyber Threat Analysis & Response organization (Continuous Threat Analysis Center (24/7), Incident Response Center, Cyber Counter Threat and Intelligence team).
- Lead initiatives and the implementation of capabilities that advance the Cyber Threat Program.
- Automate threat intelligence gathering and attacker profiles to direct hypothesis-driven searches for indicators of compromise.
- Enhance and distribute security incident response and escalation procedures to ensure timely and effective handling of security events and alerts.
- Improve the Roblox Cyber Security Program and strategy expanding threat management services across the entire organization.
- Build and maintain an organization with expert knowledge of information technology functions, practices and business units.
- Maintain industry affiliations that provide Roblox with the necessary intelligence to proactively respond to threats - including DHS (Department of Homeland Security), FBI, etc.
- Apply knowledge of technical and analytical skills to ensure the confidentiality, integrity, and availability of all information systems assets.
- Ensure compliance with company policies, procedures, contractual, and regulatory requirements.
- 10+ years of industry experience in a mission-critical environment.
- Bachelor’s degree (Computer Science or MIS preferred).
- Active industry InfoSec related certification (i.e.- CISSP, CEH, CISM).
- Experience building cyber security toolsets and solutions across an organization.
- Experience with SEIM technologies and best practices, and experience implementing a more robust advanced security data analytics capability.
- Malware detection, analysis, exploitation, containment, and eradication techniques (Not just commercial tools).
- Solid understanding of Penetration Testing, Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies, and Counter Threat Operations.
- Experience monitoring and managing network and host-based intrusion prevention systems actively in-line, Full Packet Capture (with analytics), Sandboxing, data loss prevention, malware prevention systems, vulnerability scanning solutions, DDOS protection, Security Event/Information Management, host-based integrity checking, end-point security and AV.
- Strong expertise in multiple systems with proficiency in OS platforms (preferably Windows, OSX, iOS, Android, Xbox, PlayStation).
- Proficiency in building and automating efficient and effective scripts from scratch with languages such as python, perl, php, Ruby, and JS.
- Knowledge of toolsets and frameworks like elasticsearch, ELK, OpenSOC, OpenIOC, STIX, TAXII, and CybOX.
- Experience applying knowledge of information security concepts and theories through technical and non-technical methods.
- Solid understanding of cyber security threats, risks, vulnerabilities and attacks giving insight into threat actor motives, capabilities, and techniques.
- Demonstrating an ability to work under stress/pressure to meet deliverables, timetables, and deadlines.
- Personal integrity and high ethical behavior at all times to inspire confidence in clients, peers, partners, and employees.
- Knowledgeable of current and emerging security and information technology standards and practices.
- Understanding of key InfoSec regulation & frameworks (PCI, GLBA, HIPAA, ISO 27001, HITrust, EHNAC) is a plus.
Perks & Benefits:
- Robust medical, dental and vision insurance
- Flexible paid vacation
- Wellness reimbursement
- Free onsite parking & other commuter benefits
- Free catered lunches & a fully stocked kitchen with unlimited snacks
ROBLOX is a powerful technology platform that allows users of all ages to create games, play and socialize in immersive 3D worlds. Over 22 million user generated games have been produced on the ROBLOX platform with more than 28 million players coming each month to socialize, learn, and play in worlds that stretch imaginations. ROBLOX was ranked #37 in the Consumer Products and Services category for overall revenue in INC Magazine’s 2016 5000 Fastest Growing Private Companies in America.
Meet Some of Roblox's Employees
Director Of Engineering
Isaiah guides team workflow for ROBLOX's product development. He troubleshoots and streamlines the process, and supplies the tools and support to help team members thrive.
Back to top