
Security Engineer (Detection & Response)

Robinhood
about 18 hours ago
Toronto, Canada
Mid Level
Full-Time

About the role

  • We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact
  • Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards
  • The Security Operations (SecOps) team works to safeguard Robinhood and its customers by identifying, investigating, and responding to security threats
  • The team monitors production systems, endpoints, and cloud environments, and uses threat intelligence and structured testing to uncover risks before they affect customers
  • SecOps partners closely with engineering and infrastructure teams to strengthen detection coverage and response readiness
  • The team’s focus is clear: reduce risk, improve visibility, and protect customer trust every day!
  • As a Security Engineer, Detection & Response, you will strengthen Robinhood’s ability to detect, investigate, and contain security incidents
  • You will design and improve detection logic, analyze security telemetry across cloud and endpoint systems, and contribute to measurable reductions in false positives and detection gaps
  • You will work directly with SOC analysts and security engineers to refine investigation workflows and document incident findings
  • This role is ideal for someone who enjoys hands-on detection engineering and improving how teams respond to real-world threats!
  • Investigate security alerts across SIEM, EDR, and cloud security platforms, perform log analysis, and coordinate containment or remediation steps with engineering partners
  • Develop, test, and tune detection rules using query languages to improve signal quality and reduce false positives
  • Correlate data from multiple telemetry sources to identify attack patterns and determine appropriate response actions
  • Monitor emerging threats and update detection logic based on investigation findings and threat intelligence reporting
  • Contribute to automation efforts by building or refining SOAR playbooks and scripts that improve investigation speed and consistency
  • Document incidents and contribute to post-incident reviews with clear findings and recommended improvements to detection and response processes
  • Ability to analyze security telemetry, identify patterns of malicious activity, and recommend practical improvements
  • 2–4 years of experience in security operations, detection engineering, or incident response
  • Familiarity with threat hunting and investigation techniques across cloud and endpoint environments
  • Experience analyzing logs and tuning alerts within SIEMs, EDR platforms, and cloud security tools
  • Experience writing detections using query languages (e.g., SQL-like, KQL, or similar)
  • Clear written and verbal communication skills when documenting incidents and collaborating with technical teams
  • Our ambitious roadmap requires a great culture shaped by exceptional leaders. Here’s what we expect from them:
  • Experience developing and deploying SOAR playbooks to automate detection and response workflows
  • Familiarity with AWS, Okta, Kubernetes, and/or Google Workspace security monitoring tools
  • Experience writing software to support detection and response tooling with a focus on secure, maintainable code
  • Experience building agentic workflows and optimizing workflows with generative AI

About Robinhood

Financial Services