Senior Offensive Security Engineer

Posted 8 Hours Ago
Be an Early Applicant
San Mateo, CA
Hybrid
234K-284K Annually
Senior level
Computer Vision • Gaming • Software • Virtual Reality • Web3 • Metaverse
Immersive gaming and creation platform
The Role
As a Senior Offensive Security Engineer at Roblox, you will lead offensive security assessments, drive collaboration with detection engineers, develop custom security tools, build security metrics frameworks, and mentor team members, focusing on enhancing security posture through innovative methods and proactive strategies.
Summary Generated by Built In

Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators. 

At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. 

A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.

As an Offensive Security Engineer within the Detection and Response team (DART), you'll lead offensive security assessments that strengthen our defense capabilities. Working closely with the larger InfoSec team, detection engineers, and external engineering partners, you'll identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to enhance our security posture. You'll collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements.

You Will:

  • Lead offensive security assessments: conduct full-stack security assessments across our entire technology stack.
  • Drive detection engineering partnerships: collaborate with detection engineers through purple team exercises, attack simulations, and threat emulation to improve detection coverage.
  • Develop custom tools and frameworks: build and maintain security testing tools, BAS frameworks, and automation scripts that enable repeatable testing and quantifiable security improvements.
  • Build security metrics: design and implement frameworks to measure security control effectiveness, detection coverage, and improvement over time through consistent testing methodologies.
  • Research and innovate: stay current with the latest attack techniques, tools, and methodologies while building out both offensive and defensive security improvements.
  • Mentor and collaborate: share knowledge across security teams and foster a culture of continuous security improvement.

You Have:

  • 7+ years: professional experience in offensive security, with demonstrated experience in purple team exercises, breach attack simulation, and detection engineering teamwork.
  • Development experience: proficiency in Python or Go for building security tooling and automation, including experience with SOAR platforms and configuration management.
  • Security assessment expertise: performing full-stack security assessments of web applications, APIs, cloud infrastructure, and backend systems.
  • Platform expertise: implementing and managing breach attack simulation platforms while working with detection engineering teams to validate and improve detection coverage.
  • Deep understanding: of OWASP Top 10 vulnerabilities; common attack techniques; exploit development; post-exploitation methodologies; security assessment frameworks (MITRE ATT&CK, PTES); BAS methodologies; and modern detection stack components (EDR, SIEM, XDR).
  • Knowledge: of security concepts including reverse engineering, cloud security (AWS/Azure/GCP), container security, CI/CD pipeline security, API security, and security metrics development.
  • Certifications: such as OSCP, OSCE, GXPN, or equivalent practical experience.
  • Interpersonal skills: strong analytical and problem-solving abilities; excellent technical writing for detailed reports; ability to clearly communicate complex technical concepts; self-motivated with a passion for offensive security and detection engineering.

For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits.

Annual Salary Range

$233,840$283,780 USD

Roles that are based in our San Mateo, CA Headquarters are in-office Tuesday, Wednesday, and Thursday, with optional in-office on Monday and Friday (unless otherwise noted).

You’ll Love: 

  • Industry-leading compensation package
  • Excellent medical, dental, and vision coverage
  • A rewarding 401k program
  • Flexible vacation policy (varies by exemption status)
  • Roflex - Flexible and supportive work policy 
  • Roblox Admin badge for your avatar
  • At Roblox HQ: 
    • Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
    • Onsite fitness center and fitness program credit
    • Annual CalTrain Go Pass

Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Roblox also provides reasonable accommodations for all candidates during the interview process.

Top Skills

Go
Python

What the Team is Saying

Claus
Ying
Denise
Andrea
The Company
HQ: San Mateo, CA
2,500 Employees
Hybrid Workplace
Year Founded: 2004

What We Do

Roblox is an immersive gaming and creation platform that offers people millions of ways to be together, inviting its community to explore, create and share endless unique experiences. Our vision is to reimagine the way people come together — in a world that's safe, civil, and optimistic. To achieve this vision, we are building an innovative company that, together with the Roblox community, has the ability to strengthen our social fabric and support economic growth for people around the world.

Why Work With Us

Every day, Roblox employees tackle complex questions and drive incredible innovation. Join us in building the future of human connection and communication.

Gallery

Gallery
Gallery
Gallery
Gallery

Roblox Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

We are requiring employees to be in the office three days a week – with core days being Tuesday, Wednesday, and Thursday. On Mondays and Fridays, employees may choose to work remotely, although the office will still be open.

Typical time on-site: 3 days a week
Company Office Image
HQSan Mateo, CA
IN
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account