Principal Detection and Response Engineer

About the role:

As a Principal Security Engineer on the Detection and Response (D&R) team at Roblox, you'll play a key role designing and developing effective custom security data pipeline systems, detection strategies and automations for response workflows to defend our critical assets from threat actors. You will also lead real-time incident response, actively investigate events and analyze threat actor techniques to prioritize emerging threats to ensure Roblox is equipped to mitigate and react to critical challenges. You will play a vital part to ensure the safety of our community and enterprise by proactively fostering a high-performing, inclusive security culture. This is a hybrid in-office role.

You Will:

• Be a D&R authority! You will deliver robust detection & response capabilities: build new threat detection systems (keeping false positives low) while also automating processes with scripts, playbooks and orchestration tooling.
• Implement ETL pipelines: Design and develop customized data processing pipelines.
• Conduct security operations: Actively monitor security events and participate in on-call rotations to lead real-time incident response to contain and mitigate potential security issues.
• Build positive relationships: Collaborate with internal teams like InfoSec, Engineering, Product and Safety to design scalable solutions.
• Help grow the D&R team: Guide and support junior engineer careers and contribute to hiring.

You Have:

• 8+ years of experience in Detection and/or Response: with a passion for security engineering, threat detection, threat hunting, and incident management.
• 4+ years of Security Data Engineering experience with streaming pipelines: You’ve built production grade ETL data processing pipelines end to end using Kafka / PubSub, Spark / Flink, Athena / BigQuery or similar.
• Software Development (SWE): Mastery building efficient, reliable, CI/CD deployed, scalable systems using programming languages like C, Golang or Java.
• Engineering experience with SIEM, EDR, NDR, and SOAR technologies: You have on-boarded logs in your sleep and built custom detections/automations for complex environments.
• Conducted incident response: Structured, mature incident response processes are your vocabulary to swiftly resolve security incidents. Afterwards, you use evidence and data to tell the story and ensure action items are meticulous and complete.
• Familiarity across multiple domains: Deep understanding of network protocols, operating systems, cloud environments, virtualized hosts, containers, in order to identify potential threats to each.
• Core security skills: Analytical thinking, crisis management, root cause analysis, and problem-solving, with a meticulous approach to identifying, investigating, and responding to incidents.