Overview

Senior Security Engineer - Cloud, DevSecOps, Trust Engineering

Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico. Our mission is to be the TV streaming platform that connects the entire TV ecosystem, enabling consumers to access content, publishers to build and monetize audiences, and advertisers to engage viewers. We are a fast-growing public company where collaboration and impact matter from day one.

About the team

Our Trust Engineering team protects customers, partners, devices, services, infrastructure, and data. We work collaboratively to stay ahead of security challenges and celebrate victories together.

About the Role

As a Senior Security Engineer on the Trust Cloud team, you will architect, design, and implement end-to-end security controls that impact Roku’s global user base. You will develop automated, scalable security solutions and extend security automation tooling, including threat detection and operational automation.

What you will be doing

Cloud

• Design and implement scalable, automated security controls for AWS and GCP using infrastructure-as-code, configuration-as-code, and policy-as-code approaches (Terraform, etc.), and develop automation in Go and Python.
• Partner with infrastructure, platform, and application teams to embed security into architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).
• Conduct security reviews and threat modeling for infrastructure, platform, and application initiatives.
• Improve IAM policies, network configurations, DNS security, and cloud resource management practices.
• Design and implement integrations with third-party security platforms to automate vulnerability management, secret detection, and cloud posture monitoring, ensuring findings are actionable and integrated into engineering workflows.
• Respond to security incidents and triage, contain, remediate, and report.
• Leverage AI to accelerate learning and enhance work products.
• Drive security initiatives end-to-end with high autonomy in a fast-moving environment.

DevSecOps

• Design and implement automated security controls in CI/CD pipelines using GitLab, Terraform, and policy-as-code approaches.
• Build and maintain developer-friendly tools and workflows that integrate security checks (SAST, DAST, dependency scanning, container scanning) and secure secret management with Vault.
• Partner with development, infrastructure, and platform teams to embed security into architecture, build processes, and deployment workflows as part of SSDLC.
• Automate vulnerability detection, misconfiguration checks, and compliance validation across cloud and containerized environments.
• Create reusable security automation modules, templates, and patterns for engineering teams to adopt.

What we value

We are excited if you have experience in security consulting and hands-on implementation; 3+ years of software engineering with a general-purpose language (e.g., Python, Go, C, Rust); extensive experience with PostgreSQL or MySQL; 3+ years working with/on data protection frameworks; enterprise IAM solutions; secure web application operations; Kubernetes and containers in production; multi-cloud experience; PKI/X.509 management.

Benefits

Roku offers a comprehensive benefits package including global mental health and financial wellness resources, health/dental/vision, life, disability, retirement options, and paid time off. Benefits vary by location.

The Roku Culture

We value fast-paced collaboration, practical problem-solving, and bold thinking. We strive to deliver customer-focused solutions with action and trust. Visit our factsheet for more information.

By applying, you acknowledge Roku may contact you about job roles and have read Roku’s Applicant Privacy Notice. You may unsubscribe from communications at any time.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology
• Industries: Software Development