Senior Security Engineer - Cloud, DevSecOps, Trust Engineering

Teamwork makes the stream work.

Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico, and we've set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engage consumers.

At Roku, our Trust Engineering team is a close-knit group of passionate professionals. Our mission? To protect our customers, partners, devices, services, infrastructure, and data. We work collaboratively, sharing insights and expertise to stay ahead of the curve. Join us, and you'll be part of a dynamic team that thrives on challenges and celebrates victories together.

As a Senior Security Engineer on the Trust Cloud team, your role involves architecting, designing, and implementing end-to-end security controls to impact the global user base. A key focus is on developing automated, scalable security solutions to enhance efficiency and protect Roku. This position requires expertise in creating and extending security automation tools, including detection and process automation.

• Designing and implementing scalable, automated security controls for AWS and GCP using infrastructure-as-code, configuration-as-code, and policy-as-code approaches (Terraform, etc.), and developing supporting automation in Go and Python.
• Partnering with infrastructure, platform, and application teams to embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).
• Conducting security reviews and performing threat modeling for infrastructure, platform, and application initiatives.
• Improving IAM policies, network configurations, DNS security, and cloud resource management practices.
• Designing and implementing integrations with third‑party security platforms to automate vulnerability management, secret detection, and cloud posture monitoring, ensuring findings are actionable and seamlessly integrated into engineering workflows.
• Respond to security incidents and triage, contain, remediate, and report.
• Leverage AI to accelerate your learning and enhance your work products.
• Driving security initiatives end-to-end – from identifying risks to delivering solutions – with high autonomy in a fast-moving environment.

• Designing and implementing automated security controls in CI/CD pipelines using GitLab, Terraform, and policy-as-code approaches.
• Building and maintaining developer-friendly tools and workflows that integrate security checks (SAST, DAST, dependency scanning, container scanning) and secure secret management with Vault.
• Partnering with development, infrastructure, and platform teams to embed security into architecture, build processes, and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).
• Automating vulnerability detection, misconfiguration checks, and compliance validation across cloud and containerized environments.
• Creating reusable security automation modules, templates, and patterns for engineering teams to adopt.

• Experience doing security consulting and extensive time doing hands‑on implementation.
• 3+ years of Software Engineering experience with at least one general-purpose programming language (ex. Python, Golang, C, Rust, etc.).
• Extensive experience in either PostgreSQL or MySQL, with expertise in architecting, designing, securing, hardening, authentication, authorization, and auditing.
• 3+ years of experience working with/on BDPs.
• Developed and/or implemented data tagging, data catalogs, or other data protection related activities.
• Experience designing and administering enterprise identity and access management solutions at scale (ex: AD, EntraID, Okta, etc.).
• Experience securely running and operating web applications, web services, and service-oriented architecture in production environments.
• A proven track record of deploying and operating Kubernetes and containers in production.
• Experience deploying and operating infrastructure in other cloud providers (Azure, Oracle, IBM, etc.).
• Experience managing PKI/ X.509 certificate infrastructures.

#L1-GL1

Roku fosters an inclusive and collaborative environment where teams work in the office Monday through Thursday. Fridays are flexible for remote work except for employees whose roles are required to be in the office five days a week or employees who are in offices with a five‑day in‑office policy.

Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Our comprehensive benefits include global access to mental health and financial wellness support and resources. Local benefits may include statutory and voluntary coverage which can include healthcare (medical, dental, and vision), life, accident, disability, commuter, and retirement options (401(k)/pension). Our employees can take time off work for vacation and other personal reasons to balance their evolving work and life needs. It’s important to note that not every benefit is available in all locations or for every role. For details specific to your location, please consult with your recruiter.

Roku welcomes applicants of all backgrounds and provides reasonable accommodations and adjustments in accordance with applicable law. If you require reasonable accommodation at any point in the hiring process, please direct your inquiries to EmployeeRelations@Roku.com.

Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the company's success rather than their own. We try to surround ourselves with people who are great at their jobs, who are easy to work with, and who keep their egos in check. We appreciate a sense of humor. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. We are independent thinkers with big ideas who act boldly, move fast, and accomplish extraordinary things through collaboration and trust. In short, at Roku you'll be part of a company that's changing how the world watches TV. We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers, which itself is a two‑part idea. We come up with the solution, but the solution isn’t real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation, one that has served us well since 2002.

To learn more about Roku, our global footprint, and how we've grown, visit https://www.weareroku.com/factsheet.