Security Engineer, Detection & Response

Toronto, Canada
Full-time, mid-level, hybrid, fintech

Tech Stack

Description

You will strengthen Robinhood's ability to detect, investigate, and contain security incidents. You'll design detection logic, analyze telemetry, and work with SOC analysts to refine workflows and reduce false positives.

Requirements

  • 2–4 years experience in security operations, detection engineering, or incident response
  • Experience analyzing logs and tuning alerts within SIEMs, EDR, and cloud security tools
  • Experience writing detections using query languages (e.g., SQL-like, KQL)
  • Familiarity with threat hunting and investigation across cloud and endpoint environments
  • Clear written and verbal communication skills for documenting incidents and collaborating with teams

Responsibilities

  • Investigate security alerts across SIEM, EDR, and cloud platforms, perform log analysis, coordinate containment
  • Develop, test, and tune detection rules to improve signal quality and reduce false positives
  • Correlate data from multiple telemetry sources to identify attack patterns and determine response actions
  • Monitor emerging threats and update detection logic based on findings and threat intelligence
  • Contribute to automation by building SOAR playbooks and scripts to improve investigation speed