Role Overview
You’ll play a key role in shaping the security foundation of a large-scale, cloud-native platform. As part of the Trust Cloud team, you will design and deploy automated security systems that protect infrastructure, applications, and data across hybrid and multi-cloud environments. With a focus on scalability and integration, you’ll ensure security keeps pace with rapid development cycles while maintaining high standards of compliance and resilience.
Key Responsibilities
- Build and maintain secure, automated cloud infrastructure using Terraform and policy-as-code frameworks across AWS and GCP.
- Collaborate with engineering teams to integrate security practices into CI/CD pipelines using GitLab, ensuring secure-by-design principles are embedded early.
- Conduct threat modeling and security assessments for new platforms and services to proactively identify and mitigate risks.
- Enhance identity and access management, network security, and DNS configurations to strengthen cloud posture.
- Integrate third-party security tools to automate detection of vulnerabilities, secrets, and misconfigurations, making findings actionable within developer workflows.
- Respond to security incidents in cloud environments, leveraging DevOps expertise to investigate and resolve issues efficiently.
- Use AI-assisted tools to improve analysis, documentation, and solution development speed without sacrificing accuracy.
- Lead security initiatives from concept to completion, working independently in a fast-moving, collaborative environment.
What You Bring
- 5+ years of hands-on experience in DevOps and Kubernetes operations, with proven ability to secure production environments.
- Strong proficiency in infrastructure-as-code using Terraform and scripting in Go or Python.
- Experience implementing compliance controls for regulated environments.
- Ability to work cross-functionally, guiding teams toward secure cloud deployments.
- Detail-oriented mindset with an evidence-based approach to solving complex security challenges.
- Initiative to identify gaps and drive improvements without direct oversight.
- Adaptability and willingness to tackle unfamiliar domains and evolving threats.
Nice to Have
- Multi-cloud experience across AWS, GCP, and Azure.
- Background in data classification, data catalogs, or data protection frameworks.
- Familiarity with enterprise identity platforms such as Okta, Active Directory, or Entra ID.
- Production experience with containerized applications and Kubernetes at scale.
- Track record of securing web services and service-oriented architectures in live environments.
Work Environment
This is a hybrid role with team members based across the U.S., Canada, and Mexico. The position supports a globally distributed platform, requiring collaboration across time zones with flexibility built into workflows. You’ll operate in a culture that values ownership, innovation, and teamwork—where every contribution directly impacts the security and experience of millions of users.


