Overview

Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico. Roku aims to power every television in the world by connecting consumers to the content they love, enabling publishers to build and monetize large audiences, and providing advertisers unique capabilities to engage consumers. From day one, you’ll contribute meaningfully in a fast-growing environment where many disciplines intersect and where you can delight millions of TV streamers worldwide.

About the team

At Roku, our Trust Engineering team protects customers, partners, devices, services, infrastructure, and data. We work collaboratively, share insights, and stay ahead of the curve. You’ll join a dynamic team that thrives on challenges and celebrates victories together.

About the Role

As a Senior Security Engineer on the Trust Cloud team, you will architect, design, and implement end-to-end security controls to impact the global user base. A key focus is developing automated, scalable security solutions to enhance efficiency and protect Roku. This role requires expertise in creating and extending security automation tools, including detection and process automation.

What you will be doing

• Designing and implementing scalable, automated security controls for AWS and GCP using infrastructure-as-code, configuration-as-code, and policy-as-code approaches (Terraform, etc.), and developing supporting automation in Go and Python.
• Partnering with infrastructure, platform, and application teams to embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).
• Conducting security reviews and performing threat modeling for infrastructure, platform, and application initiatives.
• Improving IAM policies, network configurations, DNS security, and cloud resource management practices.
• Designing and implementing integrations with third-party security platforms to automate vulnerability management, secret detection, and cloud posture monitoring, ensuring findings are actionable and integrated into engineering workflows.
• Respond to security incidents and triage, contain, remediate, and report.
• Leverage AI to accelerate learning and enhance work products.
• Drive security initiatives end-to-end — from identifying risks to delivering solutions — with high autonomy in a fast-moving environment.
• DevSecOps: Design and implement automated security controls in CI/CD pipelines using GitLab, Terraform, and policy-as-code approaches.
• Build and maintain developer-friendly tools and workflows that integrate security checks (SAST, DAST, dependency scanning, container scanning) and secure secret management with Vault.
• Partner with development, infrastructure, and platform teams to embed security into architecture, build processes, and deployment workflows as part of a robust SSDLC.
• Automate vulnerability detection, misconfiguration checks, and compliance validation across cloud and containerized environments.
• Create reusable security automation modules, templates, and patterns for engineering teams to adopt.

We are excited if you have

• Experience doing security consulting and extensive hands-on implementation
• 3+ years of Software Engineering experience with at least one general purpose programming language (e.g., Python, Golang, C, Rust)
• Extensive experience in PostgreSQL or MySQL, with expertise in architecting, designing, securing, hardening, authentication, authorization, and auditing
• 3+ years of experience working with/on big data platforms (BDPs)
• Developed and/or implemented data tagging, data catalogs, or other data protection related activities
• Experience designing and administering enterprise identity and access management solutions at scale (e.g., AD, EntraID, Okta)
• Experience securely running and operating web applications, web services, and service-oriented architectures in production environments
• A proven track record of deploying and operating Kubernetes and containers in production
• Experience deploying and operating infrastructure in other cloud providers (Azure, Oracle, IBM, etc.)
• Experience managing PKI/X.509 certificate infrastructures

Benefits

Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Benefits include access to mental health and financial wellness resources, healthcare options, life and disability coverage, retirement options (401(k)/pension), and paid time off. Not all benefits are available in all locations or roles; consult with your recruiter for location-specific details.

The Roku Culture

Roku is a fast-paced environment where everyone focuses on the company’s success. We value talented, collaborative teammates who are easy to work with and bring humility. We believe in pragmatic, bold action and delivering customer-focused solutions. Since 2002, Roku has pursued innovation by combining problem-solving with action.

To learn more about Roku, our global footprint, and growth, visit our public materials. By providing your information, you acknowledge Roku may contact you about job roles and that you have read Roku’s Applicant Privacy Notice. If you do not wish to receive communications about this role, you may unsubscribe at any time.