About the role
- The Red Team team’s mission is to proactively identify and simulate real-world threats against Robinhood’s platforms, properties, and people. Through red teaming and adversarial simulations, the team evaluates security controls, uncovers vulnerabilities, and helps continuously strengthen Robinhood’s overall security posture in close partnership with Detection & Response, Physical Security, and Engineering
- As a Staff Offensive Security Engineer, you will take a hands-on role in designing and executing stealthy adversarial simulations to validate assumptions and uncover gaps in detection and response. You’ll leverage threat modeling, penetration testing, and research-driven techniques to emulate sophisticated attackers, while collaborating cross-functionally to improve defenses and shape more secure systems
- Plan and execute red team operations, adversarial simulations, and penetration tests across applications, infrastructure, networks, offices, and internal processes
- Perform threat modeling for new and existing services, clearly articulating security risks and tradeoffs to engineering and risk stakeholders
- Conduct vulnerability research, exploit development, and testing using both custom tooling and public proof-of-concept techniques
- Partner with detection and response teams to simulate realistic attack scenarios and evaluate monitoring and incident response readiness
- Write and maintain tooling to automate and scale offensive security assessments
- Serve as a subject matter expert by documenting findings, recommending remediation strategies, and supporting teams through fixes
- Mentor teammates and contribute to shared knowledge through internal documentation, presentations, and external talks or blog posts- We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact
- Demonstrated experience mentoring or guiding other security engineers
- Experience testing modern environments, including cloud platforms (AWS, GCP), containerized systems (Docker, Kubernetes), CI pipelines, and identity systems
- Experience collaborating with distributed teams and documenting work through tools such as Slack, Jira, GitHub, and email
- Strong understanding of threat modeling methodologies and the MITRE ATT&CK framework
- 8+ years of hands-on experience in red teaming, offensive security, or penetration testing
- Working knowledge of defensive security tools such as IDS/IPS, EDR, packet capture, and network monitoring, including common evasion techniques
- Clear written and verbal communication skills, with the ability to explain technical findings to both engineers and senior leaders
- Proficiency in Python, Go, or JavaScript for exploit development, tooling, or automation
- Prior experience serving as a technical lead on security initiatives
- Experience working in financial technology or regulated environments