Posted Feb 6

Roblox is hiring a
Principal Vulnerability Management Engineer

San Mateo, CA, United States

Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences, all created by our global community of developers and creators.

At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. 

A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.

As a Principal Vulnerability Management Engineer, you will be reporting to the Director of Infrastructure Security. You will partner across the company and within Information Security to help Roblox build a world-class vulnerability management program. You will perform vulnerability assessments and remediation capabilities at scale and support the leadership team in growing and expanding this critical security function within Roblox. You will collaborate with various security, engineering, and risk teams to understand technical constraints, identify scalable solutions to reduce risk, and support automated reporting for C-level consumption.

You will:

  • Architect a vulnerability management platform that is extensible company-wide. This will include in-depth communication and collaboration strategies with partner teams and organizations as well as the day-to-day operational support for scanning, reporting and remediation.
  • Work across multiple technologies and major cloud platforms to perform vulnerability impact assessment and root cause analysis, and to identify strategic opportunities for security posture improvement.
  • Develop, deploy, and maintain services that detect vulnerabilities and drive remediation.
  • Use custom and third-party tools to detect, report, and remediate vulnerabilities.
  • Partner with internal stakeholders to analyze metrics, identify false positives, and support partner organizations in their remediation efforts.

You have:

  • 8+ years experience building, overseeing and/or operating a vulnerability management program.
  • Experience with scanning tools, troubleshooting false-positives/false-negatives, and an in-depth understanding of host/service crashes.
  • Configured and managed vulnerability scanning tools such as Qualys, Tenable, Snyk, Wiz, or Prisma Cloud for running efficient vulnerability scanning.
  • Defined and implemented remediation programs and are familiar with patch management best practices across multiple operating systems at scale.
  • Experience recommending and building solutions that address the greatest security gaps and incrementally pull the business forward.
  • Balance between multiple options with varying degrees of risk acceptance.
  • Experience with orchestration platforms and container runtimes, infrastructure as code and cloud-native or multi-cloud environments.
  • Experience in driving efficiencies through automation, orchestration and partnerships with internal stakeholders.
  • Ability to work independently and collaboratively, and communicate effectively in a fast-paced, distributed organization.

You are:

  • Creative: When presented with a challenge, you look for new ways to solve hard problems fast.
  • Organized: You can distill complex technical information into plain business language and deliver clear and concise strategy recommendations.
  • A Leader: You have experience collaborating to set a team vision that solves company-wide problems, and you work across organizations to help execute it.

For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits.

Annual Salary Range
$283,780 - $331,640 USD

You’ll Love: 

  • Industry-leading compensation package
  • Excellent medical, dental, and vision coverage
  • A rewarding 401k program
  • Flexible vacation policy
  • Roflex - Flexible and supportive work policy 
  • Roblox Admin badge for your avatar
  • At Roblox HQ: 
    • Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
    • Onsite fitness center and fitness program credit
    • Annual CalTrain Go Pass

Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
