Our mission is to democratize finance for all.

An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history.

If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact.

Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers.

We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Security Operations (SecOps) team works to safeguard Robinhood and its customers by identifying, investigating, and responding to security threats.

The team monitors production systems, endpoints, and cloud environments, and uses threat intelligence and structured testing to uncover risks before they affect customers.

SecOps partners closely with engineering and infrastructure teams to strengthen detection coverage and response readiness.

The team’s focus is clear: reduce risk, improve visibility, and protect customer trust every day!

As a Security Engineer, Detection & Response, you will strengthen Robinhood’s ability to detect, investigate, and contain security incidents.

You will design and improve detection logic, analyze security telemetry across cloud and endpoint systems, and contribute to measurable reductions in false positives and detection gaps.

You will work directly with SOC analysts and security engineers to refine investigation workflows and document incident findings.

This role is ideal for someone who enjoys hands-on detection engineering and improving how teams respond to real-world threats!

This role is based in our Toronto, Canada office(s), with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community.

Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Investigate security alerts across SIEM, EDR, and cloud security platforms, perform log analysis, and coordinate containment or remediation steps with engineering partners

• Develop, test, and tune detection rules using query languages to improve signal quality and reduce false positives

• Correlate data from multiple telemetry sources to identify attack patterns and determine appropriate response actions

• Monitor emerging threats and update detection logic based on investigation findings and threat intelligence reporting

• Contribute to automation efforts by building or refining SOAR playbooks and scripts that improve investigation speed and consistency

• Document incidents and contribute to post-incident reviews with clear findings and recommended improvements to detection and response processes

What you bring

• 2–4 years of experience in security operations, detection engineering, or incident response

• Experience analyzing logs and tuning alerts within SIEMs, EDR platforms, and cloud security tools

• Experience writing detections using query languages (e.g., SQL-like, KQL, or similar)

• Familiarity with threat hunting and investigation techniques across cloud and endpoint environments

• Ability to analyze security telemetry, identify patterns of malicious activity, and recommend practical improvements

• Clear written and verbal communication skills when documenting incidents and collaborating with technical teams

Nice to have:

Our ambitious roadmap requires a great culture shaped by exceptional leaders. Here’s what we expect from them:

• Experience developing and deploying SOAR playbooks to automate detection and response workflows

• Familiarity with AWS, Okta, Kubernetes, and/or Google Workspace security monitoring tools

• Experience writing software to support detection and response tooling with a focus on secure, maintainable code

• Experience in building Agentic workflows, optimizing workflows with Generative AI

What we offer

• Challenging, high-impact work to grow your career

• Performance driven compensation with multipliers for outsized impact, bonus programs, and equity ownership

• Top tier benefits to fuel your work, including supplemental health insurance, ancillary insurance, and mental health support programs

• Lifestyle wallet - a highly flexible employer-paid benefits spending account expenses beyond traditional benefits such as wellness, childcare, learning, and more.

• Time off to recharge including company holidays, paid time off, sick time, paid volunteer time off, parental leave, and more!

• Exceptional office experience with catered meals, events, and comfortable workspaces.

• Monthly commuter stipend to help offset in-office commuting costs

Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team. The form should only be completed if you need a specific accommodation.

AI Usage Disclosure: Robinhood uses artificial intelligence (AI) tools to support parts of our recruiting process. These tools enhance the efficiency and consistency of our hiring process; however, all hiring decisions are made by our hiring teams.

Vacancy Notice: This job posting represents an existing vacancy that we are actively seeking to fill.

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.

The expected base pay range for this role is based on the location where the work will be performed.

Base Pay Range: Toronto, ON $136,000-$160,000 CAD

Click here to learn more about our Total Rewards, which vary by region and entity.

If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.

Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws.

Inclusion is built into how we hire and work,welcoming different backgrounds, perspectives, and experiences so everyone can do their best.

Please review the Privacy Policy for your country of application.

XML job scraping automation by YubHub

Our mission is to democratize finance for all.

An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history.

If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact.

Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers.

We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Security Operations (SecOps) team works to safeguard Robinhood and its customers by identifying, investigating, and responding to security threats.

The team monitors production systems, endpoints, and cloud environments, and uses threat intelligence and structured testing to uncover risks before they affect customers.

SecOps partners closely with engineering and infrastructure teams to strengthen detection coverage and response readiness.

The team’s focus is clear: reduce risk, improve visibility, and protect customer trust every day!

As a Security Engineer, Detection & Response, you will strengthen Robinhood’s ability to detect, investigate, and contain security incidents.

You will design and improve detection logic, analyze security telemetry across cloud and endpoint systems, and contribute to measurable reductions in false positives and detection gaps.

You will work directly with SOC analysts and security engineers to refine investigation workflows and document incident findings.

This role is ideal for someone who enjoys hands-on detection engineering and improving how teams respond to real-world threats!

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community.

Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Investigate security alerts across SIEM, EDR, and cloud security platforms, perform log analysis, and coordinate containment or remediation steps with engineering partners

• Develop, test, and tune detection rules using query languages to improve signal quality and reduce false positives

• Correlate data from multiple telemetry sources to identify attack patterns and determine appropriate response actions

• Monitor emerging threats and update detection logic based on investigation findings and threat intelligence reporting

• Contribute to automation efforts by building or refining SOAR playbooks and scripts that improve investigation speed and consistency

• Document incidents and contribute to post-incident reviews with clear findings and recommended improvements to detection and response processes

What you bring

• 2–4 years of experience in security operations, detection engineering, or incident response

• Experience analyzing logs and tuning alerts within SIEMs, EDR platforms, and cloud security tools

• Experience writing detections using query languages (e.g., SQL-like, KQL, or similar)

• Familiarity with threat hunting and investigation techniques across cloud and endpoint environments

• Ability to analyze security telemetry, identify patterns of malicious activity, and recommend practical improvements

• Clear written and verbal communication skills when documenting incidents and collaborating with technical teams

Nice to have:

Our ambitious roadmap requires a great culture shaped by exceptional leaders. Here’s what we expect from them:

• Experience developing and deploying SOAR playbooks to automate detection and response workflows

• Familiarity with AWS, Okta, Kubernetes, and/or Google Workspace security monitoring tools

• Experience writing software to support detection and response tooling with a focus on secure, maintainable code

• Experience in building Agentic workflows, optimizing workflows with Generative AI

What we offer

• Challenging, high-impact work to grow your career.

• Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.

• Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.

• Lifestyle wallet , a highly flexible benefits spending account for wellness, learning, and more.

• Employer-paid life & disability insurance, fertility benefits, and mental health benefits.

• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!

• Exceptional office experience with catered meals, events, and comfortable workspaces.

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.

The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones.

For other locations not listed, compensation can be discussed with your recruiter during the interview process.

Base Pay Range:

Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC): $157,000-$185,000 USD

Zone 2 (Denver, CO; Westlake, TX; Chicago, IL): $139,000-$163,000 USD

Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL): $122,000-$144,000 USD

XML job scraping automation by YubHub

Key responsibilities include:

• Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector , producing timely, actionable intelligence for Security Engineering stakeholders
• Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
• Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
• Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
• Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time
• Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships , prioritizing what matters for Anthropic's threat model
• Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
• Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners

You may be a good fit if you:

• Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
• Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors , their tooling, infrastructure patterns, tradecraft, and targeting
• Are a strong engineer: you write production-quality Python (or similar), have built automation and data pipelines, and don't need to hand requirements to someone else to get tooling built
• Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings
• Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understand what makes a detection durable vs. brittle
• Can write clearly and concisely , your intelligence products are read and acted on, not filed away
• Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing

Strong candidates may have:

• Experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)
• Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response
• Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
• Public research, conference talks, or open-source tooling contributions in the CTI space

XML job scraping automation by YubHub

Anthropic sits at the frontier of AI development, making us a prime target for nation-state and advanced criminal actors. As a Threat Intelligence Engineer, you'll produce actionable intelligence that drives our detections, hunts, and defensive priorities.

Responsibilities:

• Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector
• Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
• Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
• Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
• Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time
• Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships
• Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
• Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners

You may be a good fit if you:

• Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
• Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors
• Are a strong engineer with experience writing production-quality Python and building automation and data pipelines
• Are comfortable performing malware analysis, infrastructure analysis, and log analysis
• Have experience authoring detection logic and understanding what makes a detection durable vs. brittle
• Can write clearly and concisely
• Have an existing network in the threat intelligence community

Strong candidates may have:

• Experience defending cloud-native and research-heavy environments
• Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries
• Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
• Public research, conference talks, or open-source tooling contributions in the CTI space

Logistics

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time
• Visa sponsorship: We do sponsor visas!

XML job scraping automation by YubHub