Security Software Engineer

About the team

The Roku Trust Engineering team is a close-knit group of professionals with a passion for information security.  Our mission is to protect our customers, partners, devices, services, infrastructure, and data. We work collaboratively, sharing insights and expertise to stay ahead of the curve. Join us, and you’ll be part of a dynamic team that thrives on challenges and celebrates victories together.

About the role

As a Senior Security Engineer on the Trust Cloud team, your role involves architecting, designing, and implementing end-to-end security controls to impact the global user base. A key focus is on developing automated, scalable security solutions to enhance efficiency and protect Roku. This position requires expertise in cloud devops and the tools and controls to affect cloud security at scale.

What you’ll be doing

• Designing and implementing scalable, automated security controls for AWS and GCP using infrastructure-as-code, configuration-as-code, and policy-as-code approaches (Terraform, etc.), and developing supporting automation in Go or Python.  
• Partnering with infrastructure, platform, and application teams to embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).  
• Conducting security reviews and performing threat modeling for infrastructure, platform, and application initiatives.  
• Improving IAM implementations, network configurations, DNS security, and other cloud resource management practices.  
• Designing and implementing integrations with third-party security platforms to automate vulnerability management, secret detection, and cloud posture monitoring, ensuring findings are actionable and seamlessly integrated into engineering workflows.  
• Respond to cloud security incidents and use your devops skils to help triage, contain, remediate, and report  
• Leverage AI to accelerate your learning and enhance your work products 
• Driving security initiatives end-to-end — from identifying risks to delivering solutions — with high autonomy in a fast-moving environment. 
• Designing and implementing automated security controls in CI/CD pipelines using GitLab, Terraform, and policy-as-code approaches.

We’re excited if you have 

• Strong analytical and problem-solving skills with close attention to detail. 
• 5+ years of experience and a high level of proficiency in modern DevOps and Kubernetes administration 
• Proficiency in deploying infrastructure through Terraform 
• Experience developing and maintaining environments to be compliant with regulatory standards 
• Experience working with other teams to understand their environment and help them secure their cloud deployments 
• Evidence-based approach to problem-solving 
• A strong sense of initiative and desire to help teams work through challenges to achieve secure outcomes 
• Willingness to step outside of your comfort zone and take on distinct challenges 
• Preferred Qualifications:
• Experience with multiple clouds, particularly AWS, GCP, and Azure 
• Developed and/or implemented data tagging, data catalogs, or other data protection-related activities  
• Experience designing and administering enterprise identity and access management solutions at scale (ex, AD, EntraID, Okta, etc)  
• Experience in securely running and operating web applications, web services, and service-oriented architecture in production environments
• A proven track record of deploying and operating Kubernetes and containers in production

#LI-DH2