Crunchyroll

Crunchyroll is the world’s most popular anime brand, connects anime and manga fans across 200+ countries and territories with 360-degree experiences. We’re an international business focused on creating both online and offline experiences for fans through content (licensed, co-produced, originals, distribution), merchandise, events, gaming, news, and more. Visit our About Us pages for more information about our collection of brands and companies. 

About the Team
The Security and Compliance team is a group responsible for strengthening the security architecture of our user-facing applications and responding to security incidents in this area. The Security & Compliance team is one of a few heads of our security domains and regularly works with other teams across the organization to protect these assets.
Location: San Francisco
Our headquarters is located in downtown San Francisco, where our group of cross-functional experts assemble to create experiences for Crunchyroll and VRV’s passionate communities.

About You
You are a highly motivated and talented technical individual to join us as a Staff Security and Compliance Engineer, functioning as a lead of a small team within the larger engineering organization. You have a strong technical background and either knows about or was specifically involved in the exciting world of “DevSecOps”, though with an emphasis on the developer side. If you enjoy fighting fraud and keeping our customers safe and happy, this is your chance to deliver GREAT JUSTICE.

Location: San Francisco

Our headquarters is located in downtown San Francisco, where our group of cross-functional experts assemble to create experiences for Crunchyroll and VRV’s passionate communities.

Requirements

• Bachelors in Computer Science or Engineering, or equivalent work experience.
• 5+ years as a software engineer
• Experience with LAMP environments
• Experience with cloud-based infrastructure and its configuration
• 2+ years of experience with secure development practices and/or securing infrastructure
• Experience with common UNIX command-line operations and bash
• Experience with issue tracking software
• Sensitivity toward handling and exposure of sensitive data
• Knowledge of the OWASP Top 10

Nice to Haves 

• The ideal candidate has two or three of the below in addition to the above:
• You have worked with PCI-compliant systems
• You’ve worked with heuristics or advanced threat detection based on machine learning models
• You have configured AWS IAM roles, policies and know best practices therein
• You have experience working with microservice architecture
• You have CISSP certification or a related security certification
• You have experience in technical training or have given presentations on technical topics professionally
• You have already submitted a vulnerability to [email protected] or our HackerOne program!

A Day in the Life of Our Staff Security & Compliance Engineer

• On any given day, you may find yourself doing the following:
• Investigating and evaluating vulnerabilities in platform services built on both a traditional LAMP stack and the cloud with Golang
• Recommending fixes based on domain knowledge for other engineering teams
• Contributing considerations in implementing security controls that factor in technical implications as well as impact on end users and other developers
• Educating others in the Security and Compliance team on methods of investigation and penetration where necessary
• Automating security audits of applications and the security configurations of their host infrastructure
• Documenting vulnerabilities and their impact for potential stakeholders
• Reviewing the evaluations of other engineers in the team
• Investigating user-submitted exploits as a part of our bug bounty program
• Infrequently, you may also find yourself responding to security incidents affecting our end-user applications, identifying scope of what’s impacted and who to get involved to help contain the threat.

Benefits: San Francisco Office

• Competitive salary
• “Use What You Need” time away from work policy
• Medical, dental, vision, STD, LTD, and life insurance
• Health care and dependent care FSA
• 401(k) plan with employer match
• Employer paid commuter benefit
• On-site gym, showers, yoga, and wellness classes
• Catered lunch and dinner 4 days per week
• Skilled, passionate, and fun co-workers
• Pet friendly environment - pet insurance and dog friendly office

Questions about Crunchyroll's hiring process? Please check out our FAQ

About Crunchyroll

Crunchyroll, a WarnerMedia company (as a subsidiary of Otter Media) and the world’s most popular anime brand, connects anime and manga fans across 200+ countries and territories with 360-degree experiences. 

Fans have access to the largest collection of licensed anime through Crunchyroll, Anime Digital Network (in partnership with Citel, a subsidiary of Média-Participations), and Anime on Demand video streaming services, translated in multiple languages for viewers worldwide. Viewers can also access simulcasts — top series available immediately after Japanese broadcast. Crunchyroll's services also extend to licensing of theatrical, TV, home video, and consumer product rights. 

Fans engage further with events (including owned events Crunchyroll Expo, Anime Awards, Crunchyroll Movie Nights, KAZÉ Movie Nights), consumer products through eCommerce and retail partners (Crunchyroll, KAZÉ, AV Visionen), Crunchyroll Games, KAZÉ Games, and manga (KAZÉ Manga, Crunchyroll Manga app, Crunchyroll Manga Store).

Crunchyroll was founded in 2006 and is headquartered in San Francisco, with offices in Los Angeles, Tokyo, Paris, Lausanne, Berlin (AV Visionen) and Chisinau (Ellation). VRV (U.S.) and Eye See Movies (Germany) are also Crunchyroll brands.

We are an equal opportunity employer and value diversity at Crunchyroll. Pursuant to applicable law, we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.