Senior Security Engineer

Teamwork makes the stream work. Roku is changing how the world watches TV. Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico, and we have set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engage consumers. From your first day at Roku, you'll make a valuable - and valued - contribution. We're a fast-growing public company where no one is a bystander. We offer you the opportunity to delight millions of TV streamers around the world while gaining meaningful experience across a variety of disciplines.

About The Team: The Roku trust engineering team is a close-knit group of professionals with a passion for information security. Our mission is to protect our customers, partners, devices, services, infrastructure, and data. We work collaboratively, sharing insights and expertise to stay ahead of the curve. Join us, and you'll be part of a dynamic team that thrives on challenges and celebrates victories together.

About The Role: As a senior security engineer in the Trust engineering team, you will be involved in supporting the design, implementation and management of Roku's end-to-end security systems and controls impacting a global user base.

What You Will Be Doing:

• Trust Information Security Operations
• Supporting the design and implementation of information security systems and frameworks including threat prevention, detection and mitigation tools.
• Manage, maintain and optimize security information and event management (SIEM) platforms and associated security infrastructure.
• Detect and respond to information security incidents, support development and management of detection rules and reporting, lead technical aspects of incident investigation and response.
• Vulnerability management, analysis, oversee the vulnerability management lifecycle and reporting, support prioritization and advise relevant stakeholders on vulnerability status and postures.
• Security controls, identify risks in new and existing projects and environments and support the implementation of necessary security controls to meet business needs.
• Design and implement security orchestration, automation and response (SOAR) playbooks and procedures in order to improve response times and ensure consistent approach to incidents.
• Provide mentorship and support to junior engineers and analysts, act as escalation point for complex issues.
• Support in testing and evaluation of security products and solutions.
• Support the development and management of the security operations centre (SOC) function as it is built up and developed into the future.
• Raise awareness of security policies and best practices across the organisation.
• Continue to contribute to ongoing development of best practices, procedures and security training across the organisation.

We Are Excited If You Have:

• Deep understanding of SIEM, EDR, cloud security services (e.g., AWS GuardDuty), and various security technologies.
• Significant experience in automation and development of automated playbooks and associated processes in security orchestration, automation and response (SOAR) environments.
• The creation of incident response plans and leading incident response efforts when required.
• Threat intelligence, knowledge of tactics, techniques, and procedures (TTPs) utilised by threat actors and how to generate and deploy mitigation strategies.
• Experience in the administration and management of identity and access management solutions (ex AD, EntraID, Okta etc).
• Vulnerability management, monitoring, reporting and engagement with necessary stakeholders to ensure timely remediation.
• Strong understanding of network security principles and encryption technologies.
• Experience in scoping and coordination of penetration testing engagements and associated triage and mitigation dependent upon findings.
• Experience of the secure software development lifecycle (S-SDLC) and security requirements.
• Experience of security change management processes and procedures.
• Experience of risk assessment and advisory capabilities on both internal systems and products/solutions from third party vendors (SaaS, AI etc).
• Experience in contributing to the development, implementation and management of security policies and procedures.
• Strong knowledge of security frameworks and industry best practices - such as ISO 270001, NIST, PCI-DSS and others.
• Strong analytical and problem-solving capabilities.
• Effective communication and collaborative skills to work across diverse cross-functional teams including development, IT, Legal, Governance and Risk etc.
• Experience in mentoring and the development of more junior staff members within an SOC environment.

Benefits: Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Our comprehensive benefits include global access to mental health and financial wellness support and resources. Local benefits include statutory and voluntary benefits which may include healthcare (medical, dental, and vision), life, accident, disability, commuter, and retirement options (401(k)/pension). Our employees can take time off work for vacation and other personal reasons to balance their evolving work and life needs. It's important to note that not every benefit is available in all locations or for every role. For details specific to your location, please consult with your recruiter.

The Roku Culture: Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the company's success rather than their own. We try to surround ourselves with people who are great at their jobs, who are easy to work with, and who keep their egos in check. We appreciate a sense of humour. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. We're independent thinkers with big ideas who act boldly, move fast and accomplish extraordinary things through collaboration and trust. In short, at Roku you'll be part of a company that's changing how the world watches TV. We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers, which itself is a two-part idea. We come up with the solution, but the solution isn't real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation, one that has served us well since 2002.