Senior/Principal Vulnerability Management Engineer

San Mateo, CA, United States

Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.

At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device.We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.

A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.

As a Senior/Principal Vulnerability Management Engineer , you will be reporting to the Senior Director of Product and Application Security. You will partner across the company and within Information Security to help Roblox build a world class vulnerability management (VM) program. You will perform vulnerability assessments and remediation capabilities at scale and support the leadership team in growing and expanding this critical security function within Roblox. You will collaborate with various security, engineering, and risk teams to understand technical constraints, identify scalable solutions to reduce risk and support automated reporting for C-level consumption.

You will:

Architect a vulnerability management platform that is extensible company wide. This will include in-depth communication and collaboration strategies with partner teams and organizations as well as the day to day operational support for scanning, reporting and remediation.

Work across multiple technologies and major cloud platforms to perform vulnerability impact assessment, root causes analysis, and to identify strategic opportunities for security posture improvement.

Develop, deploy, and maintain services that detect vulnerabilities and drive remediation.

Use custom and third-party tools to detect, report, and remediate vulnerabilities.

Analyze metrics, identify false positives, and support partner organizations in their remediation efforts.

You have:

6 plus years of proven experience in building, overseeing and/or operating a VM program.

Proficient with at least one object oriented programming or scripting language (Python, Bash, Java, Go, C++, C# .NET)

Experience with scanning tools, troubleshooting false-positives/false-negatives, and an in-depth understanding of host/service crashes.

Configured and managed vulnerability scanning tools such as Qualys, Tenable, Snyk, Wiz, or Prisma Cloud for running efficient vulnerability scanning!

Defined and implemented remediation programs and are familiar with patch management best practices across multiple operating systems at scale.

Experience recommending and building solutions that address the greatest security gaps and incrementally pull the business forward.

Ability to balance between multiple options with varying degrees of risk acceptance.

Experience with orchestration platforms and container runtimes, infrastructure as code and cloud-native or multi-cloud environments.

Driven efficiencies through automation, orchestration!

You are:

Creative : When presented with a challenge, you look for new ways to tackle hard problems fast.

Organized: You can distill sophisticated technical information into plain business language and deliver clear and concise strategy recommendations.

A Leader: You have experience collaborating to set a team vision that solves company-wide problems, and you work across organizations to help implement it.

For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future.  All full-time employees are also eligible for equity compensation and for benefits. Annual Salary Range $267,720—$331,640 USD Roles that are based in our San Mateo, CA Headquarters are in-office Tuesday, Wednesday, and Thursday, with optional in-office on Monday and Friday (unless otherwise noted).

You’ll Love:

Industry-leading compensation package

Excellent medical, dental, and vision coverage

A rewarding 401k program

Flexible vacation policy

Roflex - Flexible and supportive work policy

Roblox Admin badge for your avatar

At Roblox HQ:

Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks

Onsite fitness center and fitness program credit

Annual CalTrain Go Pass

Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.