Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device.** **We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
The Security organization at Roblox is responsible for designing and engineering secure systems from inception through production. We define security standards, build scalable controls, and enable product and infrastructure teams to operate securely by default. The Application Security team partners closely with engineering teams early in the development lifecycle to drive secure architectures, establish standards, and deliver scalable security solutions.
As a Senior Security Software Engineer - Application Security, you will be a hands-on engineer who designs, builds, and ships security solutions that integrate directly into developer workflows and platforms. You will play a key role in scaling application security through automation, CI/CD integrations, secure libraries, and reusable patterns.
In this role, you will help define how security is embedded across the software development lifecycle at Roblox, balancing deep technical work (threat modeling, code review, penetration testing) with systemic solutions that reduce risk at scale. You will also participate in AppSec on-call rotations and contribute to security tooling and platform evolution.
You will:
- Integrate security into CI/CD pipelines and drive secure-by-default engineering practices
- Design and build security controls, libraries, and guardrails directly in code
- Develop and scale automated security tooling across CI/CD (SAST, dependency scanning, secrets detection, fuzzing, etc.)
- Build and improve detection and prevention mechanisms for abuse, data exfiltration, and supply chain risks
- Automate vulnerability triage, prioritization, and remediation workflows at scale
- Integrate security into developer workflows and internal platforms to reduce friction and increase adoption
- Design and implement security controls for agentic and AI-assisted workflows, building guardrails to mitigate risks such as prompt injection, data exfiltration, and misuse of developer and system privileges
- Contribute to secure system design and architecture reviews, including threat modeling for new products and features
You have:
- 6+ years of experience in software engineering, application security, or security engineering
- Strong coding skills in at least one language (e.g., Python, Go, C#, JavaScript, Rust, C++)
- Build and scale security automation in CI/CD pipelines (SAST, SCA, secrets detection, and fuzzing)
- Solid understanding of application security fundamentals (OWASP Top 10, auth models, common vulnerabilities and mitigations)
- Background with cloud environments, and modern architectures (microservices, APIs)
- Working knowledge of Linux/Windows systems, networking fundamentals, and system-level security
- Experience designing and implementing secure, scalable systems, including APIs, microservices, and distributed architectures
- Ability to translate security risks into practical, scalable engineering solutions
- Bachelor’s degree in a relevant field or equivalent practical experience
Nice to Have:
- Experience building security platforms, tools, or developer frameworks
- Knowledge of cryptography, PKI, TLS, and secure implementations
- Experience with container security and Kubernetes
- Experience building internal security platforms or developer tooling
- Background of supply chain security (SBOMs, signing, provenance, build integrity)
You Are
- Think long-term, building resilient and scalable security solutions rather than one-off fixes
- Highly execution-focused and drive outcomes in fast-paced environments
- Take ownership and proactively identify and mitigate risks
- Collaborate effectively and influence engineering teams through practical solutions
- Balance security and developer productivity to enable the business
For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits as described on this page.
Annual Salary Range
$269,170—$326,060 USD
Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted).
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Roblox also provides reasonable accommodations to candidates with qualifying disabilities or religious beliefs during the recruiting process.
For US based roles only, please note the Company may not be able to employ candidates for this role who have United States work authorization related to certain U.S. visa categories, or support future H-1B sponsorship at this time.