Security Researcher Intern, Trust Engineering in Cambridge

Teamwork makes the stream work. Roku is changing how the world watches TV. Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico, and we have set our sights on powering every television in the world. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engage consumers. From your first day at Roku, you will make a valuable and valued contribution. We are a fast-growing public company where no one is a bystander. We offer you the opportunity to delight millions of TV streamers around the world while gaining meaningful experience across a variety of disciplines.

At Roku, our Trust Engineering team is a close-knit group of passionate professionals. Our mission is to protect our customers, partners, devices, services, infrastructure, and data. We work collaboratively, sharing insights and expertise to stay ahead of the curve. Join us, and you will be part of a dynamic team that thrives on challenges and celebrates victories together.

Join Roku’s Trust Engineering team as a Security Researcher Intern, where your passion for security and technology will help drive our success. We offer a paid 12-week internship, starting in Summer 2026. As a Security Researcher Intern, you will be assigned a scoped project that strengthens our security posture. You will improve our firmware security tooling by enhancing CodeQL-based static analysis, building coverage-guided QEMU fuzzing harnesses, and owning an end-to-end research-driven engineering project.

What you will be doing:

• Design and implement static analysis improvements: Extend CodeQL queries/extractors to cover new firmware components. Reduce noise via diff-aware analysis, deduplication, and better handling of dead code. Make results more actionable for engineers (grouping, severity, exploitability hints).
• Build and enhance fuzzing and dynamic analysis: Prototype or extend QEMU-based harnesses using frameworks such as AFL++ or Syzkaller. Add instrumentation and coverage reporting to guide corpus evolution and test effectiveness. Feed fuzzing results back into static analysis as new rules or patterns.
• Own a well-scoped research-plus-engineering project from design through implementation, evaluation, documentation, and an end-of-internship presentation.

We are excited if you have:

• Currently enrolled in a Bachelor, MS or PhD program in CS, CE, EE, or a closely related field.
• Strong programming skills in C/C++ and Python, with experience working on non-trivial systems code.
• Solid foundation in OS concepts, algorithms/data structures, and Linux development (shell, build systems, debugging tools).
• Comfortable with git and modern CI systems (e.g., GitLab, GitHub Actions).
• Bonus points for coursework or research in software security, program analysis, or compilers.
• Hands-on experience with static analysis (CodeQL, Clang-Tidy, Coverity, Infer) or fuzzing (AFL++, libFuzzer, Syzkaller).
• Experience with firmware/embedded systems or prior research/technical reports in related areas.

If you are excited about applying program analysis and fuzzing techniques to protect millions of streaming devices, we would like to hear from you.

Our Hybrid Work Approach: Roku fosters an inclusive and collaborative environment where teams work in the office Monday through Thursday. Fridays are flexible for remote work except for employees whose roles are required to be in the office five days a week or employees who are in offices with a five-day in-office policy.

Benefits: Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Our comprehensive benefits include global access to mental health and financial wellness support and resources. Local benefits include statutory and voluntary benefits which may include healthcare (medical, dental, and vision), life, accident, disability, commuter, and retirement options (401(k)/pension). Our employees can take time off work for vacation and other personal reasons to balance their evolving work and life needs. It is important to note that not every benefit is available in all locations or for every role. For details specific to your location, please consult with your recruiter.

Accommodations: Roku welcomes applicants of all backgrounds and provides reasonable accommodations and adjustments in accordance with applicable law. If you require reasonable accommodation at any point in the hiring process, please direct your inquiries to EmployeeRelations@Roku.com.

The Roku Culture: Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the company's success rather than their own. We try to surround ourselves with people who are great at their jobs, who are easy to work with, and who keep their egos in check. We appreciate a sense of humor. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. We are independent thinkers with big ideas who act boldly, move fast and accomplish extraordinary things through collaboration and trust. In short, at Roku you will be part of a company that is changing how the world watches TV. We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers, which itself is a two-part idea. We come up with the solution, but the solution isn’t real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation and has served us well since 2002.