Principal Security Software Engineer, Enterprise IAM
Job Summary
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
About the Role
As a Principal Security Software Engineer in the Enterprise Security team, you will advance Roblox's Enterprise Security strategy by building the systems and integrations that protect Roblox's corporate infrastructure. Where traditional security engineers evaluate and deploy vendor solutions, you will design and build production-grade security software - Identity and Access governance, policy enforcement engines, and security integrations that scale with Roblox's business.
Responsibilities
- Build identity and access systems: Design, implement, and own integrations across Roblox's IAM ecosystem, including SSO federation, SCIM provisioning/deprovisioning pipelines, OAuth 2.0 authorization servers, and token lifecycle management.
- Lead security automation: Develop production-quality tools and services that enforce security policies at scale, replace manual workflows, and surface actionable signals.
- Drive secure-by-design implementations: Partner with Corporate Engineering, DevOps, and product teams to embed security controls into enterprise systems and developer workflows.
- Evaluate and extend vendor platforms: Assess commercial IAM and security tooling, then build the custom integrations, connectors, and automation layers that make them work at Roblox's scale.
Requirements
- Deep understanding of Human and Machine Identity and Authentication protocols like OAuth 2.0, SCIM 2.0, SAML 2.0, Transaction tokens, FIDO2/WebAuthn and Passkeys, SPIFFE/SPIRE
- Experience with one or more policy-as-code or authorization frameworks (OPA/Rego, Cedar, Zanzibar/ReBAC)
- Proficiency in at least one systems or backend language: Python, Go, Rust
- Proficiency with security-relevant system design: session management, audit logging, rate limiting, secret storage
- Experience in Threat modeling for authentication and authorization systems
- Understanding of Zero trust architecture and least-privilege access patterns
- 10+ years of relevant professional experience combining SWE and security
Qualifications
- Engineer First: You approach problems with code and systems thinking, building reliable security platforms that engineering teams can depend on
- Protocol Fluent: You have hands-on experience implementing identity standards and can navigate RFC-level details to debug complex authentication and authorization issues.
- Collaborative: You love working with your direct team and cross-functional partners across engineering, DevOps, and business teams to deliver security outcomes without slowing them down.
- Strategic Thinker: You define clear technical requirements and assess commercial solutions to inform build vs. buy decisions, balancing security rigor with engineering pragmatism.
- Comfortable with Ambiguity: You gather data, navigate complex situations, and make sound technical decisions even when facing incomplete information or unclear requirements.
Benefits
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Pay
The starting base pay for this position is [insert actual base pay here]. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future.
Schedule
Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted).