Principal Security Engineer
San Mateo, California, US
Operating across several major pillars of business to meet the needs of our community and the business.

== Security Leadership ==
Collaborate with the team to build a framework, roadmaps and metrics to measure security. Mentor peers and junior engineers. Source and interview future team members.

== Cloud Security Strategy and Implementation ==
Define, establish, and lead the cloud security strategy to improve continuous monitoring, security and visibility in third-party clouds.

== Security Education and Training ==
Develop, lead, scale and teach security education for new hire orientation, software engineering and security development lifecycle. Create and present relevant security talks to help educate and protect the community.

== Data Lifecycle Security ==
Collaborate with cross-functional teams to define defense-in-depth programs and practices for securing Roblox data from the endpoint to its cold storage.

== Security Operations, Threat Intel and Outreach ==
Collaborate, investigate and research active incidents and threats that target and exploit players. Provide actionable intelligence to help defend the platform and respond to malicious activities. Define the TI program and success metrics.

== Vendor Risk and Bug Bounty Programs ==
Help manage vendor and supply chain risk with regular reviews and outreach. Negotiate and compromise on appropriate security postures to reduce business risk and exposure. Help the team respond to inbound bug bounty reports. Validate risk, identify relevant stakeholders, and work to address vulnerabilities found by the community.

== Product Security and Security Development Lifecycle ==
Assist and advise on product selection and the implementation of automated testing (SAST/DAST), source code analysis and vulnerability scanning using frameworks from OWASP and MITRE. Co-lead and guide risk assessments and threat models to help improve product security and user privacy. Help establish a product security program.