Crunchyroll is hiring a Product Security Engineer to lead and build our Application Security practice. You will be responsible for the security of our Mobile, Desktop, and Game platforms, defining a strategic roadmap to proactively counter threats like reverse engineering, piracy, and cheating.

What You'll Do

Lead, mentor, and grow the Application Security team and define the long-term security roadmap for Mobile, Desktop, and Game platforms.
Oversee the design and implementation of binary protection strategies, including the evaluation of anti-tamper, obfuscation, and RASP solutions.
Collaborate with game studios to design server-authoritative economies and implement client-side detections for cheating and modded APKs.
Architect robust chains of trust for the ecosystem, managing code signing, secure boot, and hardware-backed storage integration.
Lead internal or external red team initiatives using reverse engineering tools to simulate attacks and validate the effectiveness of binary defenses.
Collaborate with media engineering to harden DRM implementations and ensure secure handling of media keys.

What We're Looking For

A solid understanding of how applications are constructed, including compilers, linkers, executable formats, and ABI interaction.
A solid understanding of Unity (IL2CPP) and Unreal Engine security architectures and defenses against game-specific attacks.
Comprehensive experience with cryptographic primitives and Public Key Infrastructure (PKI), including managing digital certificates and chains of trust.
A proven track record evaluating and implementing commercial shielding and platform attestation solutions for apps and games.
Experience with Google Widevine, Apple FairPlay, and Microsoft PlayReady, including HDCP enforcement.
Hands-on experience with reverse engineering and analysis tools like IDA Pro, Ghidra, and Frida to validate protections.
Experience securing web standards within application contexts, including HTTPS/TLS, cookie security, and Content Security Policy.
Expert handling of WebView bridges to ensure secure data exchange between native and web contexts.
Experience utilizing Trusted Execution Environments (TEEs) for secure key storage and cryptographic operations.
Experience automating security (SAST/DAST) within CI/CD pipelines and managing third-party SDK risks.

Technical Stack

Analysis: IDA Pro, Ghidra, Frida, Il2CppDumper
Protection: Promon, Guardsquare, Verimatrix
Attestation: Google Play Integrity, Apple App Attest
DRM: Widevine, FairPlay, PlayReady

Team & Environment

This role reports to the Senior Director of Fan Experience Engineering Service & Tools.

Benefits & Compensation

Great compensation package including salary plus performance bonus earning potential.
Flexible time off policies.
Generous medical, dental, vision, STD, LTD, and life insurance.
Health Saving Account (HSA) program and health care/dependent care FSAs.
401(k) plan with employer match.
Employer-paid commuter benefit.
Support program for new parents.
Pet insurance and pet-friendly offices in some locations.

Work Mode

This is a hybrid position open to candidates in Dallas, Los Angeles, or San Francisco.

We are an equal opportunity employer and value diversity at Crunchyroll. Pursuant to applicable law, we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.