Staff Offensive Security Engineer

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. 

The Red Team team’s mission is to proactively identify and simulate real-world threats against Robinhood’s platforms, properties, and people. Through red teaming and adversarial simulations, the team evaluates security controls, uncovers vulnerabilities, and helps continuously strengthen Robinhood’s overall security posture in close partnership with Detection & Response, Physical Security, and Engineering.

As a Staff Offensive Security Engineer, you will take a hands-on role in designing and executing stealthy adversarial simulations to validate assumptions and uncover gaps in detection and response. You’ll leverage threat modeling, penetration testing, and research-driven techniques to emulate sophisticated attackers, while collaborating cross-functionally to improve defenses and shape more secure systems.

This role is based in our Toronto, Canada office(s), with in-person attendance expected at least 3 days per week. 

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Plan and execute red team operations, adversarial simulations, and penetration tests across applications, infrastructure, networks, offices, and internal processes.
• Perform threat modeling for new and existing services, clearly articulating security risks and tradeoffs to engineering and risk stakeholders.
• Conduct vulnerability research, exploit development, and testing using both custom tooling and public proof-of-concept techniques.
• Partner with detection and response teams to simulate realistic attack scenarios and evaluate monitoring and incident response readiness.
• Write and maintain tooling to automate and scale offensive security assessments.
• Serve as a subject matter expert by documenting findings, recommending remediation strategies, and supporting teams through fixes.
• Mentor teammates and contribute to shared knowledge through internal documentation, presentations, and external talks or blog posts.

What you bring

• 8+ years of hands-on experience in red teaming, offensive security, or penetration testing.
• Demonstrated experience mentoring or guiding other security engineers.
• Strong understanding of threat modeling methodologies and the MITRE ATT&CK framework.
• Experience testing modern environments, including cloud platforms (AWS, GCP), containerized systems (Docker, Kubernetes), CI pipelines, and identity systems.
• Working knowledge of defensive security tools such as IDS/IPS, EDR, packet capture, and network monitoring, including common evasion techniques.
• Proficiency in Python, Go, or JavaScript for exploit development, tooling, or automation.
• Clear written and verbal communication skills, with the ability to explain technical findings to both engineers and senior leaders.
• Experience collaborating with distributed teams and documenting work through tools such as Slack, Jira, GitHub, and email.

Bonus points:

• Experience work