Robinhood Markets was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood and its subsidiaries and affiliates are lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.
With growth as the top priority...
The business is seeking curious, growth-minded thinkers to help shape our vision, structures and systems; playing a key-role as we launch into our ambitious future. If you’re invigorated by our mission, values, and drive to change the world — we’d love to have you apply.
About the Role + Team
The Security Operations (SecOps) team’s mission is to proactively safeguard Robinhood and its customers. SecOps is responsible for monitoring, detecting, and responding to security incidents in real time. We do this by staying ahead of threats through gathering threat intelligence, conducting Red Team operations, and working with external security researchers to identify and mitigate potential risks before they can be exploited. By maintaining a robust defense posture, the team protects Robinhood customers from ever-evolving cyber threats.
As a Detection & Response Engineer, you will focus on strengthening Robinhood’s ability to detect, investigate, and respond to security incidents. You’ll work on developing high-quality detections, improving response workflows, and collaborating with security teams to reduce detection gaps. This role requires technical expertise in security operations, detection engineering, and incident response while working closely with SOC analysts, engineers, and security stakeholders.
The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.
What you’ll do
- Incident Detection & Response - Investigate Security alerts and incidents, conduct log analysis, and collaborate with teams to mitigate threats.
- Detection Engineering - Develop and fine-tune detection logic to improve visibility into security threats, reducing false positives and detection gaps
- Triage & Investigation - Analyze security signals, correlate data across multiple sources, and determine response actions
- Threat Monitoring & Analysis - Continuously monitor, evaluate, and improve security detections based on evolving threats and real-time feedback from investigations.
- Automation & process Improvements - Assist in automating detection workflows and enhancing security operations efficiency through scripting or SOAR tools
- Incident Documentation & Postmortems - Contribute to post-incident reports, helping identify areas for improvement in detections, response, and remediation strategies
What you bring
- 2-4 years of experience in security operations, detection engineering, or incident response
- Strong understanding of log analysis, detection tuning, and alert triage within security tools (SIEMs, EDRs, cloud security platforms)
- Experience with writing detections using query languages
- Familiarity with threat hunting, log correlation, and investigation techniques across cloud and endpoint environments
- Ability to analyze security telemetry, identify attack patterns and contribute to continuous detection improvements
- Strong problem-solving skills and ability to collaborate across security teams in fast-paced incident response scenarios
Nice to haves
- Hands-on experience developing and deploying SOAR playbooks to automated detection and response workflows.
- Familiarity with AWS, Okta, Kubernetes, and/or Google Workspace security monitoring tools
- Proficient in software development, with a focus on creating secure and efficient code for detection and response solutions.
We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on September 19, 2024.
Please see the independent bias audit report covering our use of Covey here.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected salary range for this role is based on the location where the work will be performed. This role is also eligible to participate in a Robinhood bonus plan and Robinhood’s equity plan.
Toronto, ON
$114,750—$135,000 CAD
Click here to learn more about available Benefits, which vary by region and Robinhood entity.
We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.
Robinhood embraces a diversity of backgrounds and experiences and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. Please review the specific Robinhood Privacy Policy applicable to the country where you are applying.
