Staff Engineer, Security & Compliance

Ellation, San Francisco

Building Premium Video Experiences

Crunchyroll is the world's most popular anime brand. We’re an international business focused on creating both online and offline experiences for anime fans, through content (licensed, co-produced, and originals), merchandise, events, gaming, news, and more.

About the Team
The Security and Compliance team is a group responsible for strengthening the security architecture of our user-facing applications and responding to security incidents in this area. The Security & Compliance team is one of a few heads of our security domains and regularly works with other teams across the organization to protect these assets.
Location: San Francisco
Our headquarters is located in downtown San Francisco, where our group of cross-functional experts assemble to create experiences for Crunchyroll and VRV’s passionate communities.

About You
You are a highly motivated and talented technical individual to join us as a Staff Security and Compliance Engineer, functioning as a lead of a small team within the larger engineering organization. You have a strong technical background and either knows about or was specifically involved in the exciting world of “DevSecOps”, though with an emphasis on the developer side. If you enjoy fighting fraud and keeping our customers safe and happy, this is your chance to deliver GREAT JUSTICE.


  • Bachelors in Computer Science or Engineering, or equivalent work experience.
  • 5+ years as a software engineer
  • Experience with LAMP environments
  • Experience with cloud-based infrastructure and its configuration
  • 2+ years of experience with secure development practices and/or securing infrastructure
  • Experience with common UNIX command-line operations and bash
  • Experience with issue tracking software
  • Sensitivity toward handling and exposure of sensitive data
  • Knowledge of the OWASP Top 10

Nice to Haves 

  • The ideal candidate has two or three of the below in addition to the above:
  • You have worked with PCI-compliant systems
  • You’ve worked with heuristics or advanced threat detection based on machine learning models
  • You have configured AWS IAM roles, policies and know best practices therein
  • You have experience working with microservice architecture
  • You have CISSP certification or a related security certification
  • You have experience in technical training or have given presentations on technical topics professionally
  • You have already submitted a vulnerability to [email protected] or our HackerOne program!

A Day in the Life of Our Staff Security & Compliance Engineer

  • On any given day, you may find yourself doing the following:
  • Investigating and evaluating vulnerabilities in platform services built on both a traditional LAMP stack and the cloud with Golang
  • Recommending fixes based on domain knowledge for other engineering teams
  • Contributing considerations in implementing security controls that factor in technical implications as well as impact on end users and other developers
  • Educating others in the Security and Compliance team on methods of investigation and penetration where necessary
  • Automating security audits of applications and the security configurations of their host infrastructure
  • Documenting vulnerabilities and their impact for potential stakeholders
  • Reviewing the evaluations of other engineers in the team
  • Investigating user-submitted exploits as a part of our bug bounty program
  • Infrequently, you may also find yourself responding to security incidents affecting our end-user applications, identifying scope of what’s impacted and who to get involved to help contain the threat.

Benefits: San Francisco Office

  • Competitive salary
  • Medical, dental, vision, STD, LTD, and life insurance
  • Health care and dependent care FSA
  • 401(k) plan with employer match
  • Employer paid commuter benefit
  • On-site gym, showers, yoga, and wellness classes
  • Catered lunch and dinner 4 days per week
  • Skilled, passionate, and fun co-workers
  • Pet friendly environment - pet insurance and dog friendly office


What’s with the name, Ellation? We’re all a cast of characters that get passion and strive to celebrate fandom in all its forms. So we’re building a collection of destinations (a constellation, if you will) that connect people with their passions. Each day, we work to achieve complete fan elation (our vision), starting with popular subscription-video-on-demand brands, Crunchyroll, Rooster Teeth, and VRV. Our team spans across San Francisco, Los Angeles, Austin, Chișinău, and Tokyo to develop the product, design, engineering, marketing, and content that brings our communities of fans together.


Crunchyroll is the world's most popular anime brand. We’re an international business focused on creating both online and offline experiences for anime fans, through content (licensed, co-produced, and originals), merchandise, events, gaming, news, and more.  

Rooster Teeth

Rooster Teeth is the entertainment company for gamers. A pioneer in digital entertainment, we’ve spent 16 years fostering a passionate worldwide community around original western-style anime, animation, podcasts, gaming personalities, and comedy content. Rooster Teeth’s diversified business encompasses subscription video, live events, merchandise, brand integrations, licensed studio productions, game development, and more.


VRV is a collection of fandom brands on a unified platform and includes Crunchyroll, Rooster Teeth, Viacom’s NickSplat, and more. Our community connects through immersive content experiences in a digitally-driven environment via bundled subscription, a la carte subscription, or ad-supported options.

We are an equal opportunity employer and value diversity at Ellation. Pursuant to applicable law, we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

About Ellation

ABOUT US We are lucky to love what we do; bringing great content to passionate audiences on the platforms that matter. We operate at the intersection of technology and media and are redefining the next wave of media interaction and consumption. We are product, design, engineering, marketing and content people looking to bring communities together, build sustainable business models for content creators and use technology to increase engagement and access to content globally. We are builders. We are fans. We are innovators. We are Ellation.

Want to learn more about Ellation? Visit Ellation's website.