Senior Security Analyst, Threat Intelligence
Job description
TL;DR
Senior Security Analyst, Threat Intelligence: Proactively hunt and map criminal ecosystems targeting Robinhood and customers, then translate intelligence into detections, coordinated defenses, and customer protections, with an emphasis on campaign- and actor-level analysis. Focus on building scalable threat intelligence workflows, investigating attacker infrastructure across domains and cloud/telecom platforms, and coordinating takedowns while communicating business risk to technical and executive stakeholders.
Location: Menlo Park, CA (in-person attendance expected at least 3 days per week)
Salary: $129,000–$195,000 USD base pay (varies by compensation zone)
Company
Robinhood builds technology for democratizing finance for all.
What you will do
- Hunt and map criminal ecosystems (phishing, scams, impersonation, fraud, infrastructure abuse) and translate findings into detections and coordinated defenses.
- Build and maintain a comprehensive “Universe of Threats” by identifying, tracking, and prioritizing adversaries.
- Investigate attacker infrastructure across domains, DNS, certificate transparency logs, cloud providers, and telecom platforms; convert findings into detections, controls, and customer protections.
- Coordinate threat actor infrastructure takedowns with hosting providers, domain registrars, cloud platforms, and other infrastructure partners.
- Scale intelligence workflows using OSINT tooling, enrichment pipelines, data analysis tools, and case management systems.
- Partner with Detection & Response, Automation, Customer Trust & Safety, Security Engineering, Corporate Security, and Risk to prioritize threats based on measurable business risk.
Requirements
- 5+ years of total experience, including 2–3+ years operating at a senior scope in threat intelligence, brand protection, or cyber investigations.
- Hands-on experience tracking criminal ecosystems tied to phishing, scams, impersonation, fraud, and infrastructure abuse; ability to move from indicators to campaign- and actor-level analysis.
- Familiarity with domain registration patterns, DNS and certificate transparency analysis, and cloud/hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), including attacker monetization methods.
- Experience using OSINT tooling, SQL, Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case management systems to analyze data and automate workflows.
- Ability to translate complex technical threats into clear business risk for technical teams and stakeholders through strong written and verbal communication.
- High accountability and sound risk judgment in ambiguous situations; experience supporting peers and team initiatives.
Culture & Benefits
- Performance-driven compensation with multipliers for outsized impact, plus bonus opportunities and equity.
- 100% paid health insurance for employees and 90% coverage for dependents.
- Lifestyle wallet for flexible spending on wellness, learning, and more.
- Employer-paid life & disability insurance, fertility benefits, and mental health benefits.
- Time off including company holidays, paid time off, sick time, and parental leave.
- In-person office experience with catered meals, events, and comfortable workspaces.