Crunchyroll · 3 days ago
Staff Product Security Engineer
Crunchyroll is a leading platform delivering anime and manga content to a global audience. The Staff Product Security Engineer will lead the Application Security team, focusing on security strategies, binary defense architecture, and vulnerability research to enhance the integrity of Crunchyroll's applications and games.
Subscription Service · Video
Responsibilities
Lead, mentor, and grow the Application Security team
Define the long-term roadmap for Mobile, Desktop, and Game security to proactively mitigate reverse engineering, piracy, and cheating
Oversee the design and implementation of binary protection strategies
Direct the evaluation and integration of anti-tamper, obfuscation, and RASP solutions (e.g., Promon, Guardsquare) ensuring minimal impact on game FPS, app performance and user experience
Collaborate with game studios to design 'server-authoritative' economies and implement client-side detections for memory manipulation, touch macros, and modded APKs
Architect robust chains of trust for the ecosystem
Manage code signing certificates, secure boot processes, and the integration of hardware-backed storage (TEE) for sensitive keys
Lead internal or external 'red team' initiatives using reverse engineering tools (IDA Pro, Frida) to simulate attacks against our apps and games
Validate the effectiveness of binary defenses and attestation checks before release
Collaborate with media engineering to harden DRM implementations (Widevine, FairPlay)
Ensure secure handling of media keys and enforce output protection (HDCP)
Qualification
Required
Solid understanding of how applications are constructed, including compilers, linkers, dynamic loaders, ABI interaction, and executable formats (ELF, Mach-O, PE)
Solid understanding of Unity (IL2CPP) and Unreal Engine security architectures
Experience designing defenses against game-specific attacks: memory editors (GameGuardian), speed hacks, wallhacks, and protecting asset integrity (AssetBundles)
Comprehensive experience with cryptographic primitives (hashing, digests) and Public Key Infrastructure (PKI), including managing digital certificates and establishing chains of trust for code signing and secure boot
Proven track record evaluating and implementing commercial shielding (Promon, Guardsquare, Verimatrix) and platform attestation (Google Play Integrity, Apple App Attest) for both apps and games
Experience with Google Widevine, Apple FairPlay, and Microsoft PlayReady, including HDCP enforcement and screen recording prevention
Hands-on experience with tools (IDA Pro, Ghidra, Frida, Il2CppDumper) to simulate attacks, analyze game logic, and validate the resilience of binary protections
Relevant certifications OWASP MASVS and the OWASP Mobile Top 10, with the ability to map these standards to engineering roadmaps
Experience securing web standards within application contexts, including HTTPS/TLS, cookie security (Secure, HttpOnly, SameSite), local storage, and Content Security Policy (CSP)
Expert handling of WebView bridges (WKWebView), ensuring secure data exchange between native and web contexts
Experience utilizing TEEs (Secure Enclave, TrustZone, TPM) for secure key storage, cryptographic operations, and offline license management
Experience automating security (SAST/DAST) within CI/CD pipelines and managing third-party SDK risks (supply chain attacks)
Benefits
Receive a great compensation package including salary plus performance bonus earning potential, paid annually.
Flexible time off policies allowing you to take the time you need to be your whole self.
Generous medical, dental, vision, STD, LTD, and life insurance
Health Savings Account (HSA) program
Health care and dependent care FSA
401(k) plan, with employer match
Employer paid commuter benefit
Support program for new parents
Pet insurance and some of our offices are pet friendly!
Company
Crunchyroll
Crunchyroll is a video service provider for Japanese animated productions and Asian media services. It is a sub-organization of Ellation.
H1B Sponsorship
Crunchyroll has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (23)
2024 (15)
2023 (6)
2022 (8)
Funding
Current Stage: Late Stage
Total Funding: $26.8M
Key Investors: Otter Media, TV Tokyo
2020-12-09: Acquired
2015-11-20: Series Unknown · $22M
2010-03-25: Series Unknown · $0.75M
Company data provided by crunchbase