robinhood

Security Engineer, Detection & Response

Menlo Park, CA · mid

About this role

Robinhood seeks a Security Engineer for Detection & Response to strengthen threat detection, investigation, and incident containment across cloud and endpoint systems. You'll design detection logic, analyze security telemetry, and improve SOC workflows while reducing false positives and response times.

What you'll do

  • Investigate security alerts across SIEM, EDR, and cloud platforms using log analysis and data correlation
  • Develop and tune detection rules using query languages to improve signal quality
  • Monitor emerging threats and update detection logic based on findings and intelligence
  • Build or refine SOAR playbooks and scripts to automate investigation workflows
  • Coordinate incident containment and remediation with engineering partners
  • Document incidents and contribute to post-incident reviews with improvement recommendations

What they're looking for

  • Security operations or incident response experience
  • SIEM and EDR platform log analysis and alert tuning
  • Detection rule writing using query languages (SQL-like, KQL, or similar)
  • Threat hunting and investigation across cloud and endpoint environments
  • Security telemetry analysis and threat pattern identification
  • Technical writing and cross-functional communication
  • SOAR automation and playbook development (preferred)
  • AWS, Okta, Kubernetes, or Google Workspace security tools (preferred)

Benefits

  • Performance-driven compensation with bonus and equity programs
  • 100% paid health insurance for employees; 90% for dependents
  • 401(k) matching
  • Lifestyle wallet for wellness and learning
  • Employer-paid life, disability, and mental health benefits
  • Paid time off and company holidays