AppSec Jobs

Roku

Senior Security Engineer - Cloud, DevSecOps, Trust Engineering

Cambridge, England, United Kingdom

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Roku

Roku, Inc. is a technology company founded in 2002 by Anthony Wood, based in San Jose, California. The company specializes in digital media players, smart TVs, and streaming services. Roku designs and manufactures a variety of streaming devices, including Roku TV and audio products, as well as smart home products and accessories. Roku operates the Roku Channel, which offers a range of paid content through subscriptions and linear channels that cover news, sports, music, and entertainment. Its core products enable users to access popular streaming services like Amazon Prime Video, Disney+, and Netflix. Roku also develops its own operating system, Roku OS, which powers smart TVs from various manufacturers. Additionally, Roku has an advertising business that provides services to content publishers and advertisers, enhancing its streaming ecosystem. The company serves customers in the United States, the Netherlands, and the United Kingdom.

Industry

information technology & services

Employees

3,400

1398 engineers

Revenue

$4.1B


Security at Roku

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Roku's AppSec philosophy emphasizes that applications running on their devices must be encrypted and signed.
  • They aim to embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC), which includes security reviews and threat modeling.
  • A stated goal is to lead efforts to evaluate new technologies and methodologies.
  • However, no public page or talk was found that presents a single, explicit AppSec mission statement beyond platform-level app/package protection.

Security Team

Roku's AppSec team is part of a "Trust organization responsible for enterprise and product security." A key public-facing leader is Francisco Artes, Vice President, Product And Enterprise Security. The exact team size is not publicly available. As of, there are at least 2 active job postings referencing application/security engineering roles. Common skills and tools mentioned in job postings include "Terraform, Kubernetes, Linux, and Native AWS components," "Developing supporting automation in Go and Python," and a "breadth of security knowledge and best practices, including network isolation, least privilege, zero trust, and secrets management." A public org chart showing AppSec reporting lines to CISO/CTO with explicit citations is not publicly available.

Key Initiatives

There is no public evidence of a Security Champions Program. Roku practices "Shift Left" by aiming to "embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC)." Their vulnerability management process includes a "Vulnerability Disclosure Program (VDP) powered by BugCrowd" for intake, but information on triage and remediation (e.g., SLAs, MTTR) is not publicly available. Secure SDLC artifacts include "security reviews and performing threat modeling" and ensuring applications are "packaged with a secure encryption key." Information on recent AppSec-specific initiatives (last 6 months) is not publicly available. No public documentation details operational triage SLAs, remediation workflows, or a named Security Champions program.
