Skip to main content
Back to jobs

Security Engineer, Detection & Response

External
Robinhood logoRobinhood · Ljubljana, Slovenia
Full-timeOn-site1mo ago30+ days old, may be filled
AWSCloud SecurityGenerative AIIncident ResponseKubernetesSIEM
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

Responsibilities

  • Investigate security alerts across SIEM, EDR, and cloud security platforms, perform log analysis, and coordinate containment or remediation steps with engineering partners
  • Develop, test, and tune detection rules using query languages to improve signal quality and reduce false positives
  • Correlate data from multiple telemetry sources to identify attack patterns and determine appropriate response actions
  • Monitor emerging threats and update detection logic based on investigation findings and threat intelligence reporting
  • Contribute to automation efforts by building or refining SOAR playbooks and scripts that improve investigation speed and consistency
  • Document incidents and contribute to post-incident reviews with clear findings and recommended improvements to detection and response processes
  • What you bring
  • 2-4 years of experience in security operations, detection engineering, or incident response
  • Experience analyzing logs and tuning alerts within SIEMs, EDR platforms, and cloud security tools
  • Experience writing detections using query languages (e.g., SQL-like, KQL, or similar)
  • Familiarity with threat hunting and investigation techniques across cloud and endpoint environments
  • Ability to analyze security telemetry, identify patterns of malicious activity, and recommend practical improvements
  • Clear written and verbal communication skills when documenting incidents and collaborating with technical teams

Requirements

  • Our ambitious roadmap requires a great culture shaped by exceptional leaders. Here's what we expect from them:
  • Experience developing and deploying SOAR playbooks to automate detection and response workflows
  • Familiarity with AWS, Okta, Kubernetes, and/or Google Workspace security monitoring tools
  • Experience writing software to support detection and response tooling with a focus on secure, maintainable code
  • Experience in building Agentic workflows, optimizing workflows with Generative AI

Benefits

Challenging, high-impact work to grow your career.Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more.Employer-paid life & disability insurance, fertility benefits, and mental health benefits.Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!Exceptional office experience with catered meals, events, and comfortable workspaces.In addition to the base pay range listed below, this role

Additional Information

Join us in building the future of finance. Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you're ready to be at the epicenter of this historic cultural and financial shift, keep reading. About the team + role We are building an elite team, applying frontier technologies to the world's biggest financial problems. We're looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn't a place for complacency, it's where ambitious people do the best work of their careers. We're a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. The Security Operations (SecOps) team works to safeguard Robinhood and its customers by identifying, investigating, and responding to security threats. The team monitors production systems, endpoints, and cloud environments, and uses threat intelligence and structured testing to uncover risks before they affect customers. SecOps partners closely with engineering and infrastructure teams to strengthen detection coverage and response readiness. The team's focus is clear: reduce risk, improve visibility, and protect customer trust every day! As a Security Engineer, Detection & Response, you will strengthen Robinhood's ability to detect, investigate, and contain security incidents. You will design and improve detection logic, analyze security telemetry across cloud and endpoint systems, and contribute to measurable reductions in false positives and detection gaps. You will work directly with SOC analysts and security engineers to refine investigation workflows and document incident findings. This role is ideal for someone who enjoys hands-on detection engineering and improving how teams respond to real-world threats! This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week. At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Robinhood? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect