Senior Security Software Engineer, Application Security

The Security organization at Roblox is responsible for designing and engineering secure systems from inception through production. We define security standards, build scalable controls, and enable product and infrastructure teams to operate securely by default. The Application Security team partners closely with engineering teams early in the development lifecycle to drive secure architectures, establish standards, and deliver scalable security solutions.

As a Senior Security Software Engineer - Application Security, you will be a hands-on engineer who designs, builds, and ships security solutions that integrate directly into developer workflows and platforms. You will play a key role in scaling application security through automation, CI/CD integrations, secure libraries, and reusable patterns.

In this role, you will help define how security is embedded across the software development lifecycle at Roblox, balancing deep technical work (threat modeling, code review, penetration testing) with systemic solutions that reduce risk at scale. You will also participate in AppSec on-call rotations and contribute to security tooling and platform evolution.

You will:

• Integrate security into CI/CD pipelines and drive secure-by-default engineering practices
• Design and build security controls, libraries, and guardrails directly in code
• Develop and scale automated security tooling across CI/CD (SAST, dependency scanning, secrets detection, fuzzing, etc.)
• Build and improve detection and prevention mechanisms for abuse, data exfiltration, and supply chain risks
• Automate vulnerability triage, prioritization, and remediation workflows at scale
• Integrate security into developer workflows and internal platforms to reduce friction and increase adoption
• Design and implement security controls for agentic and AI-assisted workflows, building guardrails to mitigate risks such as prompt injection, data exfiltration, and misuse of developer and system privileges
• Contribute to secure system design and architecture reviews, including threat modeling for new products and features

You have:

• 6+ years of experience in software engineering, application security, or security engineering
• Strong coding skills in at least one language (e.g., Python, Go, C#, JavaScript, Rust, C++)
• Build and scale security automation in CI/CD pipelines (SAST, SCA, secrets detection, and fuzzing)
• Solid understanding of application security fundamentals (OWASP Top 10, auth models, common vulnerabilities and mitigations)
• Background with cloud environments, and modern architectures (microservices, APIs)
• Working knowledge of Linux/Windows systems, networking fundamentals, and system-level security
• Experience designing and implementing secure, scalable systems, including APIs, microservices, and distributed architectures
• Ability to translate security risks into practical, scalable engineering solutions
• Bachelor’s degree in a relevant field or equivalent practical experience

Nice to Have:

• Experience building security platforms, tools, or developer frameworks
• Knowledge of cryptography, PKI, TLS, and secure implementations
• Experience with container security and Kubernetes
• Experience building internal security platforms or developer tooling
• Background of supply chain security (SBOMs, signing, provenance, build integrity)

You Are

• Think long-term, building resilient and scalable security solutions rather than one-off fixes
• Highly execution-focused and drive outcomes in fast-paced environments
• Take ownership and proactively identify and mitigate risks
• Collaborate effectively and influence engineering teams through practical solutions
• Balance security and developer productivity to enable the business