Staff Offensive Security Engineer

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for thoughtful problem-solvers and builders who want to make a meaningful contribution. Robinhood is a place where people take ownership of their work and help improve financial access for all. We operate with high standards, clear accountability, and a strong focus on security and ethics in everything we build!

The Red Team’s mission is to identify and reduce real-world security risks across Robinhood by simulating adversary behavior and testing defenses. As a Staff Offensive Security Engineer, you will plan and execute security assessments across applications, infrastructure, and physical environments, and partner closely with engineering and security teams to strengthen detection and response capabilities. You will help prioritize risk, contribute to remediation efforts, and develop tools and techniques that improve how we test and secure our systems. Your work will directly support the safety and reliability of products used by millions of customers.

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities.
• Mentor and provide guidance to the members of the Offensive Security team.
• Plan and execute red team exercises, including long-term assessments that simulate real-world attack scenarios
• Perform threat modeling and penetration testing across applications, infrastructure, and corporate environments
• Develop scripts and tools to support and automate security testing activities
• Partner with detection and response teams to run adversarial simulations and improve incident readiness
• Communicate findings clearly and work with engineering teams to remediate identified risks
• Lead Security Incidents when Pentest or Red Team findings require them.
• Plan and participate in Adversarial Simulation exercises with various security teams.

What you bring

• 8+ years of experience conducting red team operations or advanced penetration testing
• Experience mentoring or supporting the development of other security engineers
• Passion and demonstrated experience for challenging security assumptions.
• Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives.
• Passion for fixing security issues and not just identifying security issues.
• Familiarity with common network protocols and standards such as DNS and TCP/IP.
• Experience with MacOS and Linux.
• Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions.
• Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them.
• Deep understanding of Mitre’s ATT&CK Framework.
• Strong understanding of the security fundamentals of access and identity.
<