As a
Senior Security Software Engineer on the IAM team at Roblox, you'll build the next generation of identity and access management - defining how both
humans and AI agents get identity, authenticate, and receive access to Roblox's production infrastructure. As AI agents become first-class actors in our systems, you'll design the tooling and policy that governs what they can do, how they prove who they are, and how we keep that access safe at scale. You'll also continue to evolve our workload authentication, privileged access management, and secure "golden path" for developers. Your work will directly shape the security posture of our entire production environment and set the standard for agentic IAM across the industry.
You will:- Design Identity and Access for AI Agents: You will define how AI agents get credentials, receive scoped permissions, and have their sessions managed throughout their lifecycle - pioneering the patterns for agentic identity in production.
- Engineer Hybrid Production IAM at Scale: You will design and implement scalable IAM solutions for Roblox's hybrid production environment, spanning on-premises and cloud infrastructure, ensuring secure and efficient access for humans, workloads, and AI agents across the entire ecosystem.
- Develop and Manage Workload Authentication & Authorization: You will build robust authentication and authorization mechanisms for workloads and services accessing production environments, enforcing least privilege and secure access controls.
- Establish the Secure Golden Path for Development: You will develop and maintain a streamlined, secure "golden path" framework that empowers developers to build tools and services with appropriate IAM controls baked in by default.
- Have the independence, opportunity, and end-to-end responsibility to develop security services within the Roblox infrastructure ecosystem.
You have:- 4+ years of relevant professional experience building scalable, distributed backend applications.
- Proficiency in at least one programming language such as Python, Java, Go, C++, or C# .NET.
- AI fluency: You actively use AI tools in your daily workflow, understand LLM capabilities and limitations, and can reason about what it means to give an AI agent an identity and permissions.
- Knowledge of REST APIs, design patterns, and scalable containerized systems and microservices.
- Experience mentoring or leading the technical work of other engineers.
- Familiarity with policy and identity frameworks like OPA, Topaz, SPIFFE/SPIRE, or similar technologies used for policy enforcement, workload attestation, and identity federation in cloud-native environments
- Experience with Public Key Infrastructure (PKI) - design, implementation, or maintenance of PKI solutions
- Experience with Privileged Access Management (PAM) - implementing or maintaining PAM solutions to control, monitor, and audit privileged access within production environments
- Familiarity with access control models such as Role-Based (RBAC), Attribute-Based (ABAC), or Risk-Based Access Control
For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits as described on
this page.
Annual Salary Range
$269,170-$326,060 USD
Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted).
