Security Engineer, Detection & Response

Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

The Security Operations (SecOps) team’s mission is to proactively safeguard Robinhood and its customers. SecOps is responsible for monitoring, detecting, and responding to security incidents in real time. We do this by staying ahead of threats through gathering threat intelligence, conducting Red Team operations, and working with external security researchers to identify and mitigate potential risks before they can be exploited. By maintaining a robust defense posture, the team protects Robinhood customers from ever-evolving cyber threats.

As a Detection & Response Engineer, you will focus on strengthening Robinhood’s ability to detect, investigate, and respond to security incidents. You’ll work on developing high-quality detections, improving response workflows, and collaborating with security teams to reduce detection gaps. This role requires technical expertise in security operations, detection engineering, and incident response while working closely with SOC analysts, engineers, and security stakeholders.

The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.

• Investigate security alerts and incidents, conduct log analysis, and collaborate with teams to mitigate threats
• Develop and fine-tune detection logic to improve visibility into security threats, reducing false positives and detection gaps
• Analyze security signals, correlate data across multiple sources, and determine appropriate response actions
• Continuously monitor, evaluate, and improve security detections based on evolving threats and real-time feedback from investigations
• Assist in automating detection workflows and enhancing security operations efficiency through scripting or SOAR tools
• Contribute to post-incident reports and identify areas for improvement in detections, response, and remediation strategies

• 1+ years of experience in security operations, detection engineering, or incident response
• Strong understanding of log analysis, detection tuning, and alert triage within security tools (SIEMs, EDRs, cloud security platforms)
• Hands-on experience conducting incident response and writing detections for AWS, Kubernetes, Google Workspace, macOS, and Okta
• Experience writing detections using query languages
• Familiarity with threat hunting, log correlation, and investigation techniques across cloud and endpoint environments
• Ability to analyze security telemetry, identify attack patterns, and contribute to continuous detection improvements
• Strong problem-solving skills and ability to collaborate across security teams in fast-paced incident response scenarios

Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team. The form should only be completed if you need a specific accommodation.

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed.

Base Pay Range:

Toronto, ON

$89,250 - $105,000 CAD

Click here to learn more about our Total Rewards, which vary by region and entity.

If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.

Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review thePrivacy Policy for your country of application.

We are an equal opportunity employer: applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status.

*

indicates a required field

First Name *

Last Name *

Email *

Phone

Country

Phone

Location (City) *

Resume/CV

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Website

LinkedIn Profile

How did you hear about this job?

Have you used Robinhood? Select...

Have you ever worked for Robinhood as an employee, intern or contractor? Note that providing false or misleading information may result in disqualification from the hiring process. * Select...

What is your preferred office location? * Select...

Do you have the unrestricted right to work in the country where this role is located? * Select...

Please review and acknowledge the specific Robinhood Applicant Privacy Policy applicable to the country where you are applying. * Select...

Do you have:a) any Personal/Familial Relationships (current Robinhood employees or employees of Robinhood’s vendors);b) any Outside Business Activities that you wish to continue;c) any investment that is greater than 5% of the outstanding shares of a publicly-traded company;d) any investment in a private company that has a business relationship or that is a current competitor of Robinhood; ore) any Intellectual Property Ownership (patents, trademarks, copyrights) that you wish to retain and/or create/develop while at Robinhood? * Select...

If you answered "Yes" to the above question, please provide additional information here:

Robinhood adheres to applicable laws and regulations in relation to government officials given inherent bribery and/or corruption risk. A government official is any person that performs a public function on any level or acts in any official capacity on behalf of a government or government owned entity.a) Do you currently hold or have you held, within the last 5 years, a position as a government official?b) Have you been referred or recommended for this position by a government official?c) Are you related to or have you a close personal relationship with a government official? * Select...

If you answered "Yes" to the above question, please provide additional information here: