Security Operations Detection & Response Technical Lead

About the Team + Role

The Security Operations (SecOps) team’s mission is to proactively safeguard Robinhood and its customers. SecOps is responsible for monitoring, detecting, and responding to security incidents in real time. We do this by staying ahead of threats through gathering threat intelligence, conducting Red Team operations, and working with external security researchers to identify and mitigate potential risks before they can be exploited. By maintaining a robust defense posture, the team protects Robinhood customers from ever-evolving cyber threats.

As the Detection & Response Tech Lead, you will be a pivotal part of our Security Operations team, leading and evolving our Detection & Response capabilities to detect, respond to, and mitigate threats effectively. You’ll have the opportunity to drive critical response efforts, build robust detection pipelines, and foster a culture of trust, resilience, collaboration and continuous improvement within the team. This role combines technical leadership, team mentorship, and close partnership with stakeholders across Security Operations and the wider organization.

The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.

What You’ll Do

• Incident Response Leadership: Lead and manage incident response efforts, providing clear direction and authority during high-stakes situations. Efficiently organize and drive response work streams, ensuring thorough and timely resolution. Provide high-quality and comprehensive post-incident reporting and insights to guide future improvements.
• Detection Engineering & Development: Oversee the development and codification of high-quality, scalable detections. Collaborate with business stakeholders to prioritize detection engineering efforts to address top risks and threats. Work closely with SOC analysts and other security stakeholders to build effective detection pipelines, utilizing real-time feedback and metrics to refine our detection strategy.
• Metrics & Continuous Improvement: Establish and track metrics on detection efficacy, response speed, and continuous improvement initiatives. Implement strategies to measure and enhance detection accuracy, reduce false positives, and optimize response workflows.
• Stakeholder Management & Communication: Serve as a primary point of contact for Detection & Response. Build and maintain trusted relations with key stakeholders, communicating security events, strategy updates, and progress on team initiatives. Ensure clear, concise, and timely updates to all relevant parties during and post-incident.
• Team Development & Leadership: Mentor and develop a high-performing Detection & Response team, providing coaching, feedback, and growth opportunities. Drive team capability-building through structured training, hands-on learning, and by establishing best practices for incident handling, detection engineering, and collaboration.

What You Bring

• Experience with the principles and practices of modern security operations frameworks such as Autonomic Security Operations (ASO).
• Proven track record in incident response, with deep expertise in managing and driving incident workstreams to timely resolution.
• Strong technical experience in detection engineering, including detection codification, pipeline development, tuning & coverage strategies for accuracy and efficiency.
• Demonstrated capability to measure and improve detection effectiveness using metrics and data analysis.
• Exceptional crisis leadership and authority under pressure; communicates clearly, concisely, and effectively with technical and non-technical stakeholders alike.
• Skilled in building trust, credibility, and strong relations with stakeholders, maintaining a professional, positive, and solution-oriented attitude.
• Proven team leadership experience, with the ability to inspire, coach, and develop team members, helping them level-up technically and professionally.

Bonus

• Hands-on experience developing and deploying SOAR playbooks to automated detection and response workflows.
• Experience using and configuring robust Case Management systems to effectively collect and store incident details and data.
• Proficient in software development, with a focus on creating secure and efficient code for detection and response solutions.

Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team. The form should only be completed if you need a specific accommodation.