Security Director, Engineering

About the role

Crunchyroll is growing and evolving, creating both new opportunities and new challenges as it protects millions of anime fans worldwide. We are looking for a security leader who wants to shape how engineering builds and operates securely at scale--while still shipping quickly and with high quality.

In this Principal-level, hands-on Security Director role, you will report to the SVP of Engineering. You will connect strategy to execution by turning security goals into secure-by-default systems and practices that teams actually use.

You will partner with engineering leaders and senior ICs to reduce friction, define priorities, and drive consistent follow-through, protecting our fans and our platform without sacrificing delivery velocity. Success will be through influence and enablement. You will also periodically build proof of concept solutions that make it easier for teams to adopt the right security patterns, such as reference implementations and tooling integrations.

This position is based in Los Angeles, California.

Core Areas of Responsibility

In this role, you will be a force multiplier for engineering, setting the direction, building key parts, and ensuring follow-through so security becomes a durable part of how Crunchyroll ships. You will own the engineering-facing mechanisms that make security real in day-to-day delivery:

• Security execution at scale: Drive adoption of required controls across engineering by establishing clear engineering playbooks, paved paths, and secure-by-default platform capabilities that can be consistently adopted across services, regardless of engineering domain.
• Design-time security embedded in engineering workflows: Ensure threat modeling and security architecture considerations are built into how engineering designs and ships using approved patterns and reference architectures as the default starting point.
• Practical requirements shaping: When requirements are infeasible or disproportionately costly, you'll drive early escalation and propose alternatives (sequencing, compensating controls, platform changes) so we maintain momentum without accepting unmanaged risk.
• Cross-team alignment and escalation: Identify cross-domain architectural risks and drive resolution across teams, bringing the right stakeholders together and escalating when tradeoffs require executive judgment.
• Vulnerability closure and systemic risk reduction: Run the operating rhythm across engineering for vulnerability intake, triage, ownership assignment, remediation planning, verification, and escalation. Ensure timely fixes and eliminate repeat issue classes through platform/tooling improvements.
• Tooling integration and evidence readiness: Partner with engineering teams to integrate enterprise security tooling into CI/CD and production environments, and ensure engineering can reliably produce evidence of compliance in a low-friction, automated way.
• Incident readiness and closure: Improve security incident preparedness in engineering (runbooks, exercises, detection hooks) and ensure post-incident actions translate into durable engineering improvements.
• Partner with Global Security for execution: Serve as the primary engineering counterpart to Global Security, translating enterprise policies, controls, tooling, and compliance requirements into adoptable engineering practices and roadmaps, and feeding back where standards need better patterns, automation, or sequencing to scale.

What success looks like

Success in this role is not about managing security reviews, success is measurable engineering outcomes:

• Security controls are implemented broadly with minimal friction because the secure path is well defined
• Vulnerabilities have clear owners, predictable remediation, and decreased recurring issues
• Security is incorporated into roadmap planning and architecture decisions by default

About You

We get excited about candidates like you, because …

• You exhibit Principal-level technical leadership with a proven track record of leading cross-team security initiatives through influence, clarity, and shipping real systems—not just policies.
• You have strong application security fundamentals such as: authn/authz, session security, secure API design, data protection, threat modeling, and secure SDLC practices.
• You are a practical risk manager, with the ability to prioritize, measure tradeoffs, and create guardrails that teams actually adopt.
• You have cloud & platform security experience such as: IAM concepts, secrets management, key management, service-to-service auth patterns, and logging/detection fundamentals.
• You have a DevSecOps and automation mindset and have experience integrating security checks into CI/CD with minimal developer friction.
• You exhibit depth in vulnerability management, knowing how to triage, develop remediation strategies, verify fixes, all while partnering with teams to close the loop quickly.
• You have excellent communication skills including concise, executive-ready writing and strong technical coaching abilities for engineers.

Preferred, but not required:

• Experience with streaming/media security and DRM ecosystems and output protection concepts.
• Experience with mobile and device ecosystems (iOS/Android/TV devices), including secure storage patterns and platform attestation.
• Familiarity with reverse engineering tools and client hardening/anti-tamper approaches.
• Exposure to privacy/security compliance partnerships (GRC) and working with legal/product on policy requirements.

About the Team

Crunchyroll Engineering builds the systems that power discovery, playback, commerce, and partner device integrations for anime fans worldwide. We operate across a diverse ecosystem of devices, platforms, and services, and we value autonomy, ownership, and high-leverage engineering.

Why you will love working at Crunchyroll

In addition to getting to work with fun, passionate and inspired colleagues, you will also enjoy the following benefits and perks:

#LifeAtCrunchyroll #LI-Hybrid