Apply on Employer Site

Robinhood · 3 months ago

Senior Offensive Security Engineer

Menlo Park, CA

Full-time

Onsite

Senior Level

$187K/yr - $220K/yr

5+ years exp

Robinhood is on a mission to democratize finance for all, and they are looking for a Senior Offensive Security Engineer to join their Red Team. This role involves Red Teaming, threat modeling, penetration testing, and collaborating with various teams to enhance the security of their products and services.

CryptocurrencyFinTechPrediction MarketsStock ExchangesTrading Platform

Responsibilities

Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities

Mentor and provide guidance to the members of the Offensive Security team

Utilize threat modeling to identify threats and shape Red Team priorities and exercises

Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code

Perform penetration testing, code reviews, and design/architecture reviews

Write tooling to assist with and automate Red Team assessments

Plan and participate in Adversarial Simulation exercises with various security teams

Lead Security Incidents when Pentest or Red Team findings require them

Publish blog posts and present talks at security conferences

Qualification

Red TeamingPenetration TestingThreat ModelingVulnerability ResearchAdversarial SimulationMitre ATT&CK FrameworkNetwork ProtocolsCloud ProvidersTechnical AdvocacyDistributed Team ExperienceMentoringCommunication SkillsTeam CollaborationTechnical Documentation

Required

5+ years of Red Team experience

Experience mentoring other team members

Passion and demonstrated experience for challenging security assumptions

Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives

Passion for fixing security issues and not just identifying security issues

Familiarity with common network protocols and standards such as DNS and TCP/IP

Experience with MacOS and Linux

Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions

Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them

Deep understanding of Mitre's ATT&CK Framework

Strong understanding of the security fundamentals of access and identity

Comfortable reading / writing python, go, and javascript

Ability to research and execute a testing plan to access a new technology or process

Demonstrated experience working with a distributed team

Proficiency to communicate over a text-based medium (Slack, JIRA Issues, GitHub issues, & Email) and can succinctly document technical details