Apply on Employer Site

Robinhood · 2 hours ago

Senior Offensive Security Engineer

Bellevue, WA

Full-time

Onsite

Senior Level

$187K/yr - $220K/yr

5+ years exp

Robinhood is a company focused on democratizing finance for all, seeking an Offensive Security Engineer to join their Red Team. This role involves validating security assumptions, conducting threat modeling, and performing penetration testing to enhance the security of their products and services.

CryptocurrencyFinTechStock ExchangesTrading Platform

Responsibilities

Red Teaming to validate assumptions, facilitate decisions, and improve our ability to detect and respond to incidents

Perform threat modeling against critical and new services. Articulate the actual security risk to risk working groups

Penetration testing our critical infrastructure, production applications, networks, offices, and processes

Sparring with Detection and Response and other stakeholders via Adversarial Simulations to prepare for incidents

Partnering with the physical security team to conduct assessments of Robinhood properties

Serving as a technical advocate and Subject Matter Expert for privacy and security decisions, designs, and discussions

Driving innovative ideas to implementation as the company evolves and grows

Conduct vulnerability research to understand latest TTPs, exploits, and forward looking capabilities

Leaving things better than you found them by partnering to fix the issues and not just finding broken things

Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities

Mentor and provide guidance to the members of the Offensive Security team

Utilize threat modeling to identify threats and shape Red Team priorities and exercises

Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code

Perform penetration testing, code reviews, and design/architecture reviews

Write tooling to assist with and automate Red Team assessments

Plan and participate in Adversarial Simulation exercises with various security teams

Lead Security Incidents when Pentest or Red Team findings require them

Publish blog posts and present talks at security conferences

Qualification

Red Team experiencePenetration testingThreat modelingVulnerability researchMacOSLinuxMitre’s ATT&CK FrameworkCloud providersCommunication skillsExperience in Financial TechnologyMentoringSoft skills

Required

5+ years of Red Team experience

Experience mentoring other team members

Passion and demonstrated experience for challenging security assumptions

Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives

Passion for fixing security issues and not just identifying security issues

Familiarity with common network protocols and standards such as DNS and TCP/IP

Experience with MacOS and Linux

Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions

Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them

Deep understanding of Mitre's ATT&CK Framework

Strong understanding of the security fundamentals of access and identity

Comfortable reading / writing python, go, and javascript

Ability to research and execute a testing plan to access a new technology or process

Demonstrated experience working with a distributed team

Proficiency to communicate over a text-based medium (Slack, JIRA Issues, GitHub issues, & Email) and can succinctly document technical details