Senior Security Operations Engineer, Incident Response Program Lead

As a Senior member of the Security Operations team, you will serve as the Incident Response Program Lead at Roblox headquarters. In this pivotal role, you will hold the ultimate responsibility for building, improving, and scaling our SIRT capabilities across people, process, and technology. You will be the architect of our response maturity, moving us beyond ad-hoc firefighting into a structured, highly orchestrated operation. While you will still be hands-on during events, your primary focus will be force multiplying: ensuring that our alert pipeline, response procedures, tooling and capabilities integrate deeply with the rest of the company. You will work directly with leadership to influence the roadmap for the Security Incident Response Team, operate cohesively with SOC operations and ensure our team is equipped to protect Roblox’s platform, developers, and millions of users.

You will:

• Lead the SIRT Program: Own the strategy and execution of the Incident Response program. Define success metrics, identify maturity gaps, and drive projects that scale our capabilities (People, Process, Technology).
• Command Security Incidents: Serve as an Incident Commander for high-severity events, ensuring threats are mitigated with speed and professionalism.
• Build & Scale Process: Create and maintain the "source of truth" for response—developing comprehensive runbooks, Incident Response Plans (IRPs), and workflows that standardize excellence across the team.
• Drive Automation & Technology: Be a driving force in SOAR and response tooling. Identify manual toil and ruthlessly automate it to free up time for high-value hunting.
• IR Mentorship & Training: Elevate the skills of the broader team. Design tabletop exercises, conduct post-incident reviews (blameless post-mortems), and ensure lessons learned are fed back into the program.
• Collaborate Cross-Functionally: Become best friends with Legal, Privacy, Comms, HR and Engineering teams to ensure our incident response processes are legally sound and technically integrated.
• Threat Hunt: Lead and participate in proactive threat hunting initiatives, using intelligence to hypothesis-test our environment against advanced adversaries.

You have:

• Experience: 8+ years of experience across Infosec, IT, Infra/SRE, and/or Incident Response.
• Specialization: 5+ years of experience specifically in Security Incident Response roles.
• Program Building: Demonstrated experience not just running incidents, but building the program capabilities that support them. You have created IRPs, defined and maintained severity matrices, and influenced IR policy to meet the latest and best standards. 
• Incident Command: Proven ability to exist in and manage chaos. You have led enterprise-wide incidents and can confidently brief executive leadership during crises.
• Technical Proficiency: Deep hands-on experience with security stack components (SIEM, EDR, IDS/IPS, SOAR). You know how o tune these tools to reduce noise and increase signal.
• Framework Knowledge: Proficiency with Incident Response frameworks (NIST, SANS, Cyber Kill Chain, MITRE ATT&CK) and the ability to operationalize them.
• Education: Bachelor's degree in Computer Science, Cybersecurity, or a related technical field; advanced degree preferred or equivalent experience.