Join a leading fintech company that’s democratizing finance for all.
Robinhood Markets was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood and its subsidiaries and affiliates are lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.
With growth as the top priority...
The business is seeking curious, growth-minded thinkers to help shape our vision, structures and systems, playing a key role as we launch into our ambitious future. If you’re invigorated by our mission, values, and drive to change the world — we’d love to have you apply.
About the team + role
The Security Operation team’s mission is to protect Robinhood and its customers by rapidly anticipating, detecting and responding to security threats, while continuously assuring and strengthening our defenses to minimize the impact of risks and ensure business continuity.
Our Mission
As a Vulnerability Management Security Engineer, you will be at the forefront of safeguarding our organization by identifying and mitigating critical vulnerabilities before they can be exploited. You'll play a hands-on role in our dynamic cybersecurity ecosystem, tackling complex challenges and working with the latest tools and technologies to stay one step ahead of potential threats.
The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.
What you’ll do
- Support the Vulnerability Management system at Robinhood, taking ownership for the lifecycle of vulnerabilities, and improving the company’s security posture.
- Own the end-to-end Bug Bounty report lifecycle from triage to resolution, including managing triage and escalation for inbound reports, performing root cause analysis, managing state transitions, and tracking internal remediation tickets.
- Empower the Vulnerability Management program to scale by improving automated triage for vulnerability findings.
- Build automated remediation for identified vulnerabilities whenever possible, such as remediating outdated package dependencies.
- Design clear and intuitive dashboards for a single-pane-of-glass overview of the state of Vulnerability Management.
What you bring
- 3+ years of full-time software development experience with a proven track record of developing scalable, modular, and reliable systems.
- Experience as a Bug Bounty researcher and familiarity with the Bug Bounty and vulnerability disclosure process.
- Experience in the technical triage of vulnerabilities, including a thorough understanding of attack surface, CVSS and other severity rating approaches, as well as exploitability and mitigating controls.
- A track record of successfully collaborating with cross-functional teams.
- Experience with reading and working on large Go or Python codebases.
- Experience with scripting and task automation through code.
- Experience with vulnerability management tools and automated vulnerability scanners such as EndorLabs, Snyk, Semgrep, Trufflehog, Wiz, Assetnote, Nuclei, etc.
- An understanding of the unique challenges in securing cloud environments.
- Bonus points for experience at a fintech or a company in other highly regulated spaces.
Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team. The form should only be completed if you need a specific accommodation.
We use Covey as part of our hiring and/or promotional process for jobs in NYC, and certain features may qualify it as an AEDT. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. We began using Covey Scout for Inbound on September 19, 2024.
Please see the independent bias audit report covering our use of Covey here.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected salary range for this role is based on the location where the work will be performed. This role is also eligible to participate in a Robinhood bonus plan and Robinhood’s equity plan.
Click here to learn more about available Benefits, which vary by region and Robinhood entity.
We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.
Robinhood embraces a diversity of backgrounds and experiences and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. Please review the specific Robinhood Privacy Policy applicable to the country where you are applying.