Robinhood
Robinhood Markets was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood and its subsidiaries and affiliates are lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.
With growth as the top priority…
The business is seeking curious, growth-minded thinkers to help shape our vision, structures and systems, playing a key role as we launch into our ambitious future. If you’re invigorated by our mission, values, and drive to change the world, we’d love to have you apply.
About the team + role
Security Operations
The Security Operations (SecOps) team’s mission is to proactively safeguard Robinhood and its customers. SecOps is responsible for monitoring, detecting, and responding to security incidents in real time. We do this by staying ahead of threats through gathering threat intelligence, conducting Red Team operations, and working with external security researchers to identify and mitigate potential risks before they can be exploited. By maintaining a robust defense posture, the team protects Robinhood customers from ever-evolving cyber threats.
As a Security Operations Automation Engineer, you will be instrumental in enhancing our security operations by building and deploying automation to streamline detection, response, and recovery processes. You’ll work closely with Vulnerability Management, Detection and Response (D&R), the Security Operations Center (SOC), and various other stakeholders, creating scalable solutions that reduce manual work and improve response times across our organization.
What you’ll do
- Build and maintain automation workflows to improve the efficiency, speed, and accuracy of our security operations, focusing on reducing manual work and enhancing incident response times.
- Work with Security Orchestration, Automation, and Response (SOAR) and case management platforms to streamline alert triage, incident handling, and reporting processes, driving efficiency across the team.
- Partner with Vulnerability Management, Detection Engineering, and SOC analysts to automate repetitive tasks, enhance workflows, and ensure seamless coordination within security operations.
- Develop feedback loops to evaluate automation effectiveness, applying insights from team feedback and data analysis to continuously optimize automated processes.
- Work with Threat Intelligence, Red Team, and Threat Hunting teams to incorporate threat indicators and response strategies, building automation for robust threat detection and mitigation.
- Create and maintain custom scripts and tooling for security incident response, log analysis, data enrichment, and threat intelligence processing, adapting to new challenges and emerging threats.
- Document all automation processes and provide training for relevant teams, ensuring transparency and consistency in automated workflows.
What you bring
- Proficiency with security automation and orchestration platforms such as Cortex XSOAR, Tines, Phantom, etc. Familiarity with SIEM, EDR and log management systems is essential.
- Experience in Python, JavaScript, or other programming languages relevant to automation, with a solid understanding of REST APIs and data transformation.
- Background in designing, building and implementing automated workflows within a security operations environment.
- Understanding of security incident response, detection engineering, and other security operations processes, with a proven ability to design effective solutions for complex security challenges.
- Strong analytical skills with an ability to develop creative solutions for security automation challenges.
- Excellent communication skills and a collaborative approach to working across various security disciplines and with external stakeholders.
Additionally, although not required, any of the following are highly desired:
- Familiarity with deploying automations in cloud environments, such as AWS, Kubernetes and GCP.
- Experience with data pipelines, data transformation, and storage practices relevant to security data.
- Experience with automated detection-as-code and breach attack simulation tooling.
We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we’re looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.
Robinhood embraces a diversity of backgrounds and experiences and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants’ privacy rights.