Staff Security Analyst, Threat Intelligence

8–12+ years of total experience, including 3–5+ years operating at a senior or staff-level scope in threat intelligence, brand protection, or cyber investigations.

Hands-on experience tracking criminal ecosystems tied to phishing, scams, impersonation, fraud, and infrastructure abuse, and the ability to move from isolated indicators to campaign- and actor-level analysis.

Deep familiarity with domain registration patterns, DNS and certificate transparency analysis, cloud and hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), and attacker monetization methods.

Experience using OSINT tooling, SQL, Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case management systems to analyze data and automate workflows.

Experience with crypto investigations or on-chain analysis.

AI Usage Disclosure:

Proactively hunt and map criminal ecosystems targeting Robinhood and its customers, then translate intelligence into scalable systems and coordinated defenses that disrupt adversaries before they cause harm.

Build and operationalize a comprehensive “Universe of Threats” by identifying, tracking, and prioritizing adversaries across phishing, scams, impersonation, fraud, and infrastructure abuse.

Establish and mature a proactive threat intelligence lifecycle by developing industry partnerships, collaborating with trusted peers and federal authorities, and cultivating online personas to generate early warning capabilities that protect Robinhood’s business operations.

Investigate attacker infrastructure across domains, DNS, certificate transparency logs, cloud providers, and telecom platforms, and convert findings into concrete detections, controls, and customer protections.

Coordinate threat actor infrastructure takedowns with hosting providers, domain registrars, cloud platforms, and other infrastructure partners to disrupt adversary operations at scale.

Design and automate intelligence workflows using OSINT tooling, enrichment pipelines, data analysis tools, and case management systems to scale analysis and reporting.

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Threat Intelligence team reduces organizational risk by rapidly detecting, understanding, and disrupting adversary activity. We research criminal ecosystems targeting our brand, customers, and infrastructure, and work with partners to translate that intelligence into detections, controls, and customer protections. Our work enables Security, Engineering, Trust & Safety, and executive leaders to focus resources where risk is highest. We operate with a strong sense of ownership, clear communication, and a commitment to protecting customers so they can confidently participate in the financial system!

As a Staff Security Analyst, Threat Intelligence, you will operate at the forefront of advanced and evolving threats targeting Robinhood and our customers. You will actively hunt for emerging phishing, scam, impersonation, fraud, and infrastructure abuse campaigns while building scalable systems that turn intelligence into action. This role combines hands-on investigation, program design, mentorship, and stakeholder engagement. Your work will shape proactive controls, influence product and security decisions, and strengthen our overall threat defense strategy.

The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.