Our mission is to democratize finance for all.

An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history.

If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact.

Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers.

We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Vulnerability Management team’s mission is to reimagine security as an engineering and design challenge by building scalable, automated defense systems that proactively identify and reduce risk.

The team is driving a shift toward an intelligence-driven defense model, leveraging advanced technologies like AI and machine learning to move beyond traditional “scan-and-patch” approaches and make security seamless for developers.

As a Senior Vulnerability Management Engineer, you will lead the transformation of vulnerability management into a self-scaling security platform.

You’ll architect next-generation automated defense systems, using Agentic AI and machine learning to continuously discover, prioritize, and remediate risk at scale,helping make security efficient, proactive, and embedded into the development lifecycle.

This role is based in our Toronto, Canada office(s), with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community.

Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Set Strategic RBVM Vision: Act as the technical lighthouse, defining the multi-year roadmap and driving the move toward Risk-Based Vulnerability Management (RBVM), prioritizing vulnerabilities based on real-world exploitability and business context.

• Architect Agentic AI Systems: Design and deploy AI agents that autonomously triage findings, correlate threat intelligence, and generate production-ready remediations (e.g., automated Pull Requests for dependency updates and config drift).

• Build Exposure Intelligence: Develop systems that correlate vulnerabilities with runtime context and infrastructure topology (Kubernetes/AWS) to accurately model real-world blast radius and ensure engineers only fix what is actually exploitable.

• Automate Triage & Self-Healing: Create “paved roads” and CI/CD guardrails that prevent specific vulnerability categories from ever reaching production, reducing manual toil for the entire engineering organization.

• Data-Centric Visibility: Build high-fidelity dashboards using LLM-powered summarization to translate complex security signals into actionable insights for engineering leadership.

• Lead Emergency Response: Orchestrate the technical response to high-impact zero-days by rapidly performing cross-environment blast-radius analysis.

• Drive Execution Ownership: Take full ownership of operational security work, ensuring that critical vulnerabilities are systematically eradicated while maintaining high engineering velocity.

What you bring

• Experience: 5+ years in Security Engineering with a track record of leading high-impact automation or security platform initiatives at a Senior or Staff level.

• AI & Agentic System Fluency: Hands-on experience building or deploying agentic systems or LLM orchestration frameworks (e.g., LangChain, AutoGPT) to solve complex security or engineering problems at scale.

• Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty programs; a deep understanding of how attackers exploit vulnerabilities and how to translate those findings into systemic fixes.

• Engineering Excellence: Strong software engineering background with proficiency in Go or Python and a history of building scalable, API-driven security tooling.

• Modern Infrastructure Depth: Deep knowledge of securing AWS and Kubernetes-based architectures.

• Vulnerability Domain Knowledge: High familiarity with vulnerability categories, exploitability, and modern risk frameworks (CVSS, EPSS, CISA KEV).

• Detection Ecosystems: Experience with modern platforms like Snyk, Semgrep, Wiz, EndorLabs, or TruffleHog.

• Velocity Mindset: A commitment to reducing security friction and a track record of working effectively with high-velocity engineering teams.

Nice to have

• Fintech Experience: Experience navigating security in highly regulated or high-growth financial environments.

• Security as Code: Experience implementing “Security as Code” within large-scale CI/CD environments.

What we offer

• Challenging, high-impact work to grow your career

• Performance driven compensation with multipliers for outsized impact, bonus programs, and equity ownership

• Top tier benefits to fuel your work, including supplemental health insurance, ancillary insurance, and mental health support programs

• Lifestyle wallet – a highly flexible employer-paid benefits spending account expenses beyond traditional benefits such as wellness, childcare, learning, and more.

• Time off to recharge including company holidays, paid time off, sick time, paid volunteer time off, parental leave, and more!

• Exceptional office experience with catered meals, events, and comfortable workspaces.

• Monthly commuter stipend to help offset in-office commuting costs

Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team.

The form should only be completed if you need a specific accommodation.

AI Usage Disclosure: Robinhood uses artificial intelligence (AI) tools to support parts of our recruiting process. These tools enhance the efficiency and consistency of our hiring process; however, all hiring decisions are made by our hiring teams.

Vacancy Notice: This job posting represents an existing vacancy that we are actively seeking to fill.

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.

The expected base pay range for this role is based on the location where the work will be performed.

Base Pay Range: Toronto, ON $165,750-$195,000 CAD

Click here to learn more about our Total Rewards, which vary by region and entity.

If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.

Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws.

Inclusion is built into how we hire and work,welcoming different backgrounds, perspectives, and experiences so everyone can do their best.

Please review the Privacy Policy for your country of application.

XML job scraping automation by YubHub

Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

At Robinhood, we view security as an engineering and design challenge, not an administrative one. We are looking for a lead architect for our next-generation automated defense systems. As a Senior Vulnerability Management Engineer, you will transform the program into a self-scaling security platform that transcends traditional "scan-and-patch" cycles. You will lead the shift to an Intelligence-Driven Defense model by leveraging Agentic AI and Machine Learning to automate the discovery, prioritization, and remediation of risk at scale, ultimately making security "cheap" for our developers.

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Set Strategic RBVM Vision: Act as the technical lighthouse, defining the multi-year roadmap and driving the move toward Risk-Based Vulnerability Management (RBVM), prioritizing vulnerabilities based on real-world exploitability and business context.

• Architect Agentic AI Systems: Design and deploy AI agents that autonomously triage findings, correlate threat intelligence, and generate production-ready remediations (e.g., automated Pull Requests for dependency updates and config drift).

• Build Exposure Intelligence: Develop systems that correlate vulnerabilities with runtime context and infrastructure topology (Kubernetes/AWS) to accurately model real-world blast radius and ensure engineers only fix what is actually exploitable.

• Automate Triage & Self-Healing: Create "paved roads" and CI/CD guardrails that prevent specific vulnerability categories from ever reaching production, reducing manual toil for the entire engineering organization.

• Data-Centric Visibility: Build high-fidelity dashboards using LLM-powered summarization to translate complex security signals into actionable insights for engineering leadership.

• Lead Emergency Response: Orchestrate the technical response to high-impact zero-days by rapidly performing cross-environment blast-radius analysis.

• Drive Execution Ownership: Take full ownership of operational security work, ensuring that critical vulnerabilities are systematically eradicated while maintaining high engineering velocity.

What you bring

• Experience: 5+ years in Security Engineering with a track record of leading high-impact automation or security platform initiatives at a Senior or Staff level.

• AI & Agentic System Fluency: Hands-on experience building or deploying agentic systems or LLM orchestration frameworks (e.g., LangChain, AutoGPT) to solve complex security or engineering problems at scale.

• Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty programs; a deep understanding of how attackers exploit vulnerabilities and how to translate those findings into systemic fixes.

• Engineering Excellence: Strong software engineering background with proficiency in Go or Python and a history of building scalable, API-driven security tooling.

• Modern Infrastructure Depth: Deep knowledge of securing AWS and Kubernetes-based architectures.

• Vulnerability Domain Knowledge: High familiarity with vulnerability categories, exploitability, and modern risk frameworks (CVSS, EPSS, CISA KEV).

• Detection Ecosystems: Experience with modern platforms like Snyk, Semgrep, Wiz, EndorLabs, or TruffleHog.

• Velocity Mindset: A commitment to reducing security friction and a track record of working effectively with high-velocity engineering teams.

Nice to have

• Fintech Experience: Experience navigating security in highly regulated or high-growth financial environments.

• Security as Code: Experience implementing "Security as Code" within large-scale CI/CD environments.

What we offer

• Challenging, high-impact work to grow your career.

• Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.

• Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.

• Lifestyle wallet , a highly flexible benefits spending account for wellness, learning, and more.

• Employer-paid life & disability insurance, fertility benefits, and mental health benefits.

• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!

• Exceptional office experience with catered meals, events, and comfortable workspaces.

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process.

Base Pay Range:

Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC)

$187,000-$220,000 USD

Zone 2 (Denver, CO; Westlake, TX; Chicago, IL)

$165,000-$194,000 USD

Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL)

$146,000-$172,000 USD

XML job scraping automation by YubHub

Some of the key responsibilities of this role include:

• Partnering with Product and Engineering to ensure that our application is designed and developed securely
• Participating in the implementation efforts, doing security reviews, helping with product design decisions, auditing and surfacing vulnerabilities in our current products
• Developing and improving our automated tooling to scale our application security capabilities and find potential code problems both before and after we deploy
• Making the safe way, the easy way, by working on defining and building application guardrails so that developers can build securely by default
• Assisting in ongoing security operations, including incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level

We use a variety of tools and technologies, including Cloud Security: Lacework, Languages: Python 3, TypeScript, Libraries: FastAPI, SQLAlchemy, React, Datastores: Postgres, Redis, Infrastructure: AWS (Fargate, ECS, S3, and more), Spark and Kafka, Monitoring: Datadog, PagerDuty, Version Control: Github, Vulnerability Management: Snyk, Semgrep

If you have 0 → 1 security experience, strong cross-functional experience, strong technical depth and breadth, thrive in ambiguity, innovation at scale, results-driven, and mission-driven, you'll be great for this role.

XML job scraping automation by YubHub

This role combines technical depth, strategic thinking, and the autonomy to design workflows that will protect infrastructure driving the future of AI.

Key Responsibilities:

• Build and scale AI-powered triage workflows: evaluate tools (LLM integration, TINES orchestration), architect solutions, and deploy to production
• Drive intelligent, risk-based vulnerability prioritization while simultaneously training AI models,your assessments become the foundation for automation
• Influence automation priorities: recommend which areas of the vulnerability pipeline would most benefit from automation to improve team efficiency
• Design and implement automated detection-to-ticket pipelines: build workflows that generate vulnerability detections, test them, scale across the environment, and auto-create Jira tickets
• Execute remediation campaigns: build automated workflows for EOL product removal, vulnerable software upgrades, and OS migrations at scale
• Manage embargoed vendor disclosures from hardware partners, including embargo verification and zero-day response coordination
• Lead security incident investigations related to high-profile vulnerabilities, coordinating cross-functional response and impact assessment
• Participate in on-call rotation for rapid-response vulnerability analysis during active zero-day events or critical security incidents
• Partner with IT, Infrastructure, and Engineering teams to drive remediation efforts, enforce SLAs, and escalate blockers strategically
• Write daily operations reports documenting vulnerability trends, remediation velocity, and emerging threats for security leadership
• Drive process improvements and workflow automation to improve operational efficiency and reduce manual toil

Requirements:

• 7+ years of relevant experience with demonstrated impact in vulnerability management, application security, platform security, or cloud security engineering
• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience
• Proven hands-on experience building security automation (SOAR workflows, detection pipelines, or vulnerability prioritization frameworks)
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, exploit intelligence, and compensating controls
• Strong development background with proficiency in Python, Go, or similar languages for building production-grade security tools
• Experience with modern vulnerability management tooling such as Wiz, Semgrep, Rapid7, or similar platforms
• Demonstrated ability to partner with cross-functional teams (IT, SRE, Engineering) to drive remediation without formal authority
• Strong familiarity with common security vulnerabilities and the ability to judge their severity and business impact

Preferred Qualifications:

• Practical experience building AI/ML-powered security workflows (LLM integration, automated triage, human-in-the-loop validation)
• Experience managing hardware security vulnerabilities (GPU/DPU firmware, BMC/IPMI, specialized compute environments)
• Production experience with security automation platforms such as TINES, Splunk SOAR, or serverless frameworks (AWS Lambda)
• Strong DevOps, DevSecOps, or SRE background with experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of container security and Kubernetes (image scanning, admission control, runtime protection, supply chain security)
• Experience supporting customer audits (SOC 2, ISO 27001, FedRAMP) with vulnerability evidence and control validation
• Experience integrating vulnerability management into modern CI/CD pipelines with a 'shift-left' mentality

What We Offer:

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

XML job scraping automation by YubHub