Sr. Security Engineer, Incident Response

Join a leading fintech company that’s democratizing finance for all.

Robinhood was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood is lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

As we continue to build...

We’re seeking curious thinkers looking to co-author the next chapters of our story. Joining now means helping shape our vision, structures and systems; playing a key-role as we launch into our ambitious future.

Check out life at Robinhood on The Muse!

About the team:

The Detection and Response Team (DART) at Robinhood exemplifies our Safety First value by building and operating services that protect our customers' security and privacy. DART consists of detection platform and incident response teams who work together to assess threats, collect and analyze data, and respond to events. Together, we ensure the effectiveness of our safeguards and the continuous protection of our customers.

The DART team is looking for incident response engineers to monitor the full breadth of Robinhood's technology, detect threats, and respond to events in real-time.

The Role:

Security Engineer - Incident Response and Detection

Robinhood is seeking an IR Engineer to join our highly visible Cyber Security Incident Response Team that provides cyber analysis, scripting, detection creation, automation and support to our 24x7x365 Security Operations Center (SOC). This specific position requires the ability to work a 7-day on-call rotation with the other IR Engineers.

Working within Robinhood’s Computer Security Incident Response Team (CSIRT) you will have the opportunity to build innovative solutions to identify and mitigate information-security threats. With your contributions, we’re building the best security incident response team in the industry. Your skills, vision, tenacity, and passion will help us defend and respond daily to protect Robinhood’s critical assets and keep our users’ information safe.

Candidates must have experience working with various security methodologies and cutting edge technologies, experience working with modern cloud environments, and experience working with large security log datasets collected from heterogeneous environments

Must demonstrate expert knowledge in Incident Response and one or more of the following areas:

Threat Hunting, cloud security, Digital Forensics, automating repetitive tasks with SOAR platforms, and Detection creation.

Core Job Functions Include:

• Investigations – Investigating computer and information security incidents to determine extent of compromise to information and automated information systems, must be familiar with notable event triage, Host Forensics, Network Analysis and containment methodologies.
• Escalations – Responding to notable events from security tooling to develop/implement security controls,
• Defense - countermeasures to prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems.
• Research – Researching attempted or successful efforts to compromise systems security and designs countermeasures. Stay educated on the latest trends, techniques, tactics and procedures.
• Education - maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
• Communications – Provides information and updates to shift leads, creates pass-downs for the next on-call, works closely with supporting teams, shares ideas on new preventative and detective security controls and policy and standards, and engages with other teams.
• Digital Forensics – As it relates to information systems, performs HR investigations and legal holds in a forensically sound manner. Consults with HR and legal domain experts to adhere to local country laws.
• Coverage – Must be willing and able to perform shift work, weekends, and holidays as well as participate in a rotating on-call shift as needed.

To be successful in this position, you must be proficient with:

• Incident Response – Getting people to do the right thing in the middle of an investigation.
• Offensive Techniques – Penetration testing, and adversarial TTPs at all layers of the stack. Need to be very familiar with real world scenarios and current attacker behavior.
• Logs - you are very comfortable with a SEIM to be able to gather and analyze logs to recreate incidents and hunt for threats. Must have experience developing and tuning detection logic.
• System Forensics – Understanding of image acquisition techniques, memory, host, file and browser forensics.
• Networking Fundamentals - TCP/IP Protocols, SSL/TLS, authentication protocols such as SAML, SSO, OAuth, and network analysis tools Wireshark/TCPDump.
• Risk Analysis – Taking an event in a particular environment and understanding the practical associated risk to our business.
• Automation – Creating and/or modifying scripts to automate repetitive and mundane tasks, freeing up time to focus on sophisticated investigations and other projects.

Required Qualifications:

• Minimum four (4) years of professional experience in incident detection and response, threat hunting, network/cloud security, Threat Intelligence, and/or digital forensics. You have experience operating independently in a fast paced incident response, security operations, or similar environment.

In addition, minimum of one (1) year of specialized experience in one or more of the following areas:

• Security Assessment or Offensive Security
• Application Security, cloud security, network security
• Security Operations Center/Security Incident Response
• Cyber intelligence Analysis/Threat Intelligence
• Creating sophisticated detections in a SIEM

At Robinhood, your work makes a difference. We believe that we can build a better form of commerce that is enabled by people, supported by technology, and open to everyone – creating more opportunity for all.

We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.

Robinhood promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review Robinhood's Privacy Policy please visit Robinhood - US Applicant Privacy Policy.

Click here to learn more about Robinhood’s Benefits.

Robinhood is a primarily remote company. If hired, you will work as a remote employee unless the job you are applying for has a different working model specified. Please reach-out  to your recruiter if you have any questions regarding the job’s working model.