Security Director, Engineering

Описание вакансии

About Crunchyroll

Founded by fans, Crunchyroll delivers the art and culture of anime to a passionate community. We super-serve over 100 million anime and manga fans across 200+ countries and territories, and help them connect with the stories and characters they crave. Whether that experience is online or in-person, streaming video, theatrical, games, merchandise, events and more, it’s powered by the anime content we all love.

Join our team, and help us shape the future of anime!

About the role

Crunchyroll is growing and evolving, creating both new opportunities and new challenges as it protects millions of anime fans worldwide. We are looking for a security leader who wants to shape how engineering builds and operates securely at scale--while still shipping quickly and with high quality.

In this Principal-level, hands-on Security Director role, you will report to the SVP of Engineering. You will connect strategy to execution by turning security goals into secure-by-default systems and practices that teams actually use.

You will partner with engineering leaders and senior ICs to reduce friction, define priorities, and drive consistent follow-through, protecting our fans and our platform without sacrificing delivery velocity. Success will be through influence and enablement. You will also periodically build proof of concept solutions that make it easier for teams to adopt the right security patterns, such as reference implementations and tooling integrations.

This position is based in Los Angeles, California. We work a hybrid schedule and are in-office three days a week: Tuesday, Wednesday, and Thursday.

Core Areas of Responsibility

In this role, you will be a force multiplier for engineering, setting the direction, building key parts, and ensuring follow-through so security becomes a durable part of how Crunchyroll ships. You will own the engineering-facing mechanisms that make security real in day-to-day delivery:

• Security execution at scale: Drive adoption of required controls across engineering by establishing clear engineering playbooks, paved paths, and secure-by-default platform capabilities that can be consistently adopted across services, regardless of engineering domain.
• Design-time security embedded in engineering workflows: Ensure threat modeling and security architecture considerations are built into how engineering designs and ships using approved patterns and reference architectures as the default starting point.
• Practical requirements shaping: When requirements are infeasible or disproportionately costly, you'll drive early escalation and propose alternatives (sequencing, compensating controls, platform changes) so we maintain momentum without accepting unmanaged risk.
• Cross-team alignment and escalation: Identify cross-domain architectural risks and drive resolution across teams, bringing the right stakeholders together and escalating when tradeoffs require executive judgment.
• Vulnerability closure and systemic risk reduction: Run the operating rhythm across engineering for vulnerability intake, triage, ownership assignment, remediation planning, verification, and escalation. Ensure timely fixes and eliminate repeat issue classes through platform/tooling improvements.
• Tooling integration and evidence readiness: Partner with engineering teams to integrate enterprise security tooling into CI/CD and production environments, and ensure engineering can reliably produce evidence of compliance in a low-friction, automated way.
• Incident readiness and closure: Improve security incident preparedness in engineering (runbooks, exercises, detection hooks) and ensure post-incident actions translate into durable engineering improvements.
• Partner with Global Security for execution: Serve as the primary engineering counterpart to Global Security, translating enterprise policies, controls, tooling, and compliance requirements into adoptable engineering practices and roadmaps, and feeding back where standards need better patterns, automation, or sequencing to scale.

What success looks like

Success in this role is not about managing security reviews, success is measurable engineering outcomes:

• Security controls are implemented broadly with minimal friction because the secure path is well defined
• Vulnerabilities have clear owners, predictable remediation, and decreased recurring issues
• Security is incorporated into roadmap planning and architecture decisions by default

About You

We get excited about candidates like you, because …

• You exhibit Principal-level technical leadership with a proven track record of leading cross-team security initiatives through influence, clarity, and shipping real systems—not just policies.
• You have strong application security fundamentals such as: authn/authz, session security, secure API design, data protection, threat modeling, and secure SDLC practices.
• You are a practical risk manager, with the ability to prioritize, measure tradeoffs, and create guardrails that teams actually adopt.
• You have cloud & platform security experience such as: IAM concepts, secrets management, key management, service-to-service auth patterns, and logging/detection fundamentals.
• You have a DevSecOps and automation mindset and have experience integrating security checks into CI/CD with minimal developer friction.
• You exhibit depth in vulnerability management, knowing how to triage, develop remediation strategies, verify fixes, all while partnering with teams to close the loop quickly.
• You have excellent communication skills including concise, executive-ready writing and strong technical coaching abilities for engineers.

Preferred, but not required:

• Experience with streaming/media security and DRM ecosystems and output protection concepts.
• Experience with mobile and device ecosystems (iOS/Android/TV devices), including secure storage patterns and platform attestation.
• Familiarity with reverse engineering tools and client hardening/anti-tamper approaches.
• Exposure to privacy/security compliance partnerships (GRC) and working with legal/product on policy requirements.

About the Team

Crunchyroll Engineering builds the systems that power discovery, playback, commerce, and partner device integrations for anime fans worldwide. We operate across a diverse ecosystem of devices, platforms, and services, and we value autonomy, ownership, and high-leverage engineering.

Why you will love working at Crunchyroll

In addition to getting to work with fun, passionate and inspired colleagues, you will also enjoy the following benefits and perks:

• Receive a great compensation package including salary plus performance bonus earning potential, paid annually.
• Flexible time off policies allowing you to take the time you need to be your whole self.
• Generous medical, dental, vision, STD, LTD, and life insurance
• Health Saving Account HSA program
• Health care and dependent care FSA
• 401(k) plan, with employer match
• Employer paid commuter benefit
• Support program for new parents
• Pet insurance and some of our offices are pet friendly!

#LifeAtCrunchyroll #LI-Hybrid

The Pay Range for this position is listed. Actual pay will vary based on factors including, but not limited to location, experience, and performance. The range listed is just one component of Crunchyroll’s Total Rewards offerings for employees. Other rewards may include performance bonuses, employer matched retirement savings, time-off programs, and progressive health benefits and perks.

Pay Transparency - Los Angeles, CA

$236,000—$295,000 USD

About our Values

We want to be everything for someone rather than something for everyone and we do this by living and modeling our values in all that we do. We value

• Courage. We believe that when we overcome fear, we enable our best selves.
• Curiosity. We are curious, which is the gateway to empathy, inclusion, and understanding.
• Kaizen. We have a growth mindset committed to constant forward progress.
• Service. We serve our community with humility, enabling joy and belonging for others.

Our commitment to diversity and inclusion

Our mission of helping people belong reflects our commitment to diversity & inclusion. It's just the way we do business.

We are an equal opportunity employer and value diversity at Crunchyroll. Pursuant to applicable law, we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Crunchyroll, LLC is an independently operated joint venture between US-based Sony Pictures Entertainment, and Japan's Aniplex, a subsidiary of Sony Music Entertainment (Japan) Inc., both subsidiaries of Tokyo-based Sony Group Corporation.

Questions about Crunchyroll’s hiring process? Please check out our Hiring FAQs:https://help.crunchyroll.com/hc/en-us/articles/360040471712-Crunchyroll-Hiring-FAQs

Please refer to our Candidate Privacy Policy for more information about how we process your personal information, and your data protection rights: https://tbcdn.talentbrew.com/company/22978/v1_0/docs/spe-jobs-privacy-policy-update-for-crpa-dec-21-22.pdf

Please beware of recent scams to online job seekers. Those applying to our job openings will only be contacted directly from @crunchyroll.com email account.