Staff Security Analyst, Threat Intelligence
Company: Robinhood
Location: Menlo Park
Posted on: April 1, 2026
|
|
|
Job Description:
Join us in building the future of finance. Our mission is to
democratize finance for all. An estimated $124 trillion of assets
will be inherited by younger generations in the next two decades.
The largest transfer of wealth in human history. If you’re ready to
be at the epicenter of this historic cultural and financial shift,
keep reading. About the team role We are building an elite team,
applying frontier technologies to the world’s biggest financial
problems. We’re looking for bold thinkers. Sharp problem-solvers.
Builders who are wired to make an impact. Robinhood isn’t a place
for complacency, it’s where ambitious people do the best work of
their careers. We’re a high-performing, fast-moving team with
ethics at the center of everything we do. Expectations are high,
and so are the rewards. The Threat Intelligence team reduces
organizational risk by rapidly detecting, understanding, and
disrupting adversary activity. We research criminal ecosystems
targeting our brand, customers, and infrastructure, and work with
partners to translate that intelligence into detections, controls,
and customer protections. Our work enables Security, Engineering,
Trust & Safety, and executive leaders to focus resources where risk
is highest. We operate with a strong sense of ownership, clear
communication, and a commitment to protecting customers so they can
confidently participate in the financial system! As a Staff
Security Analyst, Threat Intelligence, you will operate at the
forefront of advanced and evolving threats targeting Robinhood and
our customers. You will actively hunt for emerging phishing, scam,
impersonation, fraud, and infrastructure abuse campaigns while
building scalable systems that turn intelligence into action. This
role combines hands-on investigation, program design, mentorship,
and stakeholder engagement. Your work will shape proactive
controls, influence product and security decisions, and strengthen
our overall threat defense strategy. This role is based in our
Menlo Park, CA office, with in-person attendance expected at least
3 days per week. At Robinhood, we believe in the power of in-person
work to accelerate progress, spark innovation, and strengthen
community. Our office experience is intentional, energizing, and
designed to fully support high-performing teams. What you’ll do
Proactively hunt and map criminal ecosystems targeting Robinhood
and its customers, then translate intelligence into scalable
systems and coordinated defenses that disrupt adversaries before
they cause harm. Build and operationalize a comprehensive “Universe
of Threats” by identifying, tracking, and prioritizing adversaries
across phishing, scams, impersonation, fraud, and infrastructure
abuse. Establish and mature a proactive threat intelligence
lifecycle by developing industry partnerships, collaborating with
trusted peers and federal authorities, and cultivating online
personas to generate early warning capabilities that protect
Robinhood’s business operations. Investigate attacker
infrastructure across domains, DNS, certificate transparency logs,
cloud providers, and telecom platforms, and convert findings into
concrete detections, controls, and customer protections. Coordinate
threat actor infrastructure takedowns with hosting providers,
domain registrars, cloud platforms, and other infrastructure
partners to disrupt adversary operations at scale. Design and
automate intelligence workflows using OSINT tooling, enrichment
pipelines, data analysis tools, and case management systems to
scale analysis and reporting. Partner directly with Detection &
Response, Automation, Customer Trust & Safety (Fraud and Financial
Crimes), Security Engineering, Corporate Security, Risk, and
executive leaders to prioritize threats based on measurable
business risk. What you bring 8–12 years of total experience,
including 3–5 years operating at a senior or staff-level scope in
threat intelligence, brand protection, or cyber investigations.
Hands-on experience tracking criminal ecosystems tied to phishing,
scams, impersonation, fraud, and infrastructure abuse, and the
ability to move from isolated indicators to campaign- and
actor-level analysis. Deep familiarity with domain registration
patterns, DNS and certificate transparency analysis, cloud and
hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), and
attacker monetization methods. Experience using OSINT tooling, SQL,
Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case
management systems to analyze data and automate workflows. Ability
to translate complex technical threats into clear business risk for
technical teams and executive audiences through strong written and
verbal communication. Experience mentoring others or leading
initiatives across teams, with a high level of accountability and
sound risk judgment in ambiguous situations. Nice to have
Experience with crypto investigations or on-chain analysis.
Background in highly regulated industries such as fintech,
financial services, payments, crypto, healthcare, or government.
What we offer Challenging, high-impact work to grow your career.
Performance-driven compensation with multipliers for outsized
impact, bonus programs, equity ownership, and 401(k) matching.
Best-in-class benefits to fuel your work, including 100% paid
health insurance for employees with 90% coverage for dependents.
Lifestyle wallet — a highly flexible benefits spending account for
wellness, learning, and more. Employer-paid life & disability
insurance, fertility benefits, and mental health benefits. Time off
to recharge including company holidays, paid time off, sick time,
parental leave, and more! Exceptional office experience with
catered meals, events, and comfortable workspaces. In addition to
the base pay range listed below, this role is also eligible for
bonus opportunities equity benefits. Base pay for the successful
applicant will depend on a variety of job-related factors, which
may include education, training, experience, location, business
needs, or market demands. The expected base pay range for this role
is based on the location where the work will be performed and is
aligned to one of 3 compensation zones. For other locations not
listed, compensation can be discussed with your recruiter during
the interview process. Base Pay Range: Zone 1 (Menlo Park, CA; New
York, NY; Bellevue, WA; Washington, DC) $191,000 - $225,000 USD
Zone 2 (Denver, CO; Westlake, TX; Chicago, IL) $168,000 - $198,000
USD Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL)
$150,000 - $176,000 USD Click here to learn more about our Total
Rewards, which vary by region and entity. If our mission energizes
you and you’re ready to build the future of finance, we look
forward to seeing your application. Robinhood provides equal
opportunity for all applicants, offers reasonable accommodations
upon request, and complies with applicable equal employment and
privacy laws. Inclusion is built into how we hire and
work—welcoming different backgrounds, perspectives, and experiences
so everyone can do their best. Please review the for your country
of application.
Keywords: Robinhood, Richmond , Staff Security Analyst, Threat Intelligence, IT / Software / Systems , Menlo Park, California
