Job opportunities


Senior Security Engineer - Insider Trust and DLP



Menlo Park, CA, USA · New York, NY, USA · Seattle, WA, USA
Posted on Wednesday, April 19, 2023

Join a leading fintech company that’s democratizing finance for all.

Robinhood was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood is lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

As we continue to build...

We’re seeking curious thinkers looking to co-author the next chapters of our story. Joining now means helping shape our vision, structures and systems; playing a key-role as we launch into our ambitious future.

This role will ideally be seated on Menlo Park, CA, Seattle, WA, or New York, NY

About the Team and Role:

The Insider Trust Program is a cornerstone of security at Robinhood. We exemplify our Safety First value by mitigating the risk of insider threats to Robinhood’s people and resources. Our team is committed to safeguarding Robinhood and our customers, while also prioritizing the protection and well-being of our valued employees. We proactively detect, assess, and mitigate potential insider threats by implementing robust security measures, fostering a culture of awareness and accountability, and promoting the responsible use of company resources.

We are seeking a proactive, creative, and independent senior security engineer with experience in both Data Loss Prevention (DLP) and Insider Threat investigations and analysis. Our holistic approach to Insider Trust includes protecting data. The best candidate for this opportunity will be well-versed in data safety and data loss prevention, while also understanding the full range of Insider Trust use cases. As a member of the Insider Trust Program, you'll work cross-functionally to optimize and integrate DLP tooling and detections, as well as support insider threat analysis and investigations.

This role is within Safety & Productivity (S&P), reporting directly to the Head of Insider Trust. Not all applicants will have skills that fully match a job description. We value diversity, and we encourage anyone who meets the required qualifications to apply.

What you’ll do day-to-day:

  • Create and tune policies and detections using DLP and Insider Trust tooling
  • Build detections to expand DLP and Insider Trust use case coverage, including building detections that depend on data classification.
  • Integrate data from multiple sources to mature visibility of data movement and loss events in Splunk
  • Produce and maintain dashboards/metrics; ensure metrics are complete and accurate
  • Drive programmatic improvements through automation and data-driven insights
  • Author playbooks to codify internal processes
  • Triage alerts linked to anomalous insider behaviors
  • Conduct source interviews and author reports in support of insider threat investigations
  • Consistent communication with cross-functional stakeholders, including Legal, Employee Relations, and leadership.

About you:

  • 5+ years of security engineering experience across both DLP and insider threat.
  • Technical Expertise: Strong background in cybersecurity, experience with DLP technologies and methods, experience crafting insider threat detections, and working knowledge of incident response procedures. Knowledge of industry practices for data classification, data encryption, and mitigating risk of data leakage.
  • Insider Threat Knowledge: Deep understanding of insider threat detection and mitigation techniques and use cases. This includes behavioral analytics, user monitoring, and privileged access management. Experience in identifying insider threat indicators, conducting insider threat investigations, and analyzing patterns of activity is essential.
  • Analytical Skills & Investigative Mindset: Strong quantitative and qualitative analytic capabilities, including ability pattern recognition, anomaly detection, and ability to identify use-case specific suspicious behaviors that may be early indicators of insider threat. The ability to correlate and analyze large volumes of data from various sources is critical. Experience in gathering evidence, conducting interviews, and documenting findings in a forensically sound manner is necessary.
  • Ethics and Integrity: Given the sensitivity and confidentiality of insider threat investigations, you should demonstrate the highest level of ethics and integrity, with a commitment to maintaining confidentiality, professionalism, and compliance with applicable laws and regulations.
  • Continuous Learning: You should have a mindset of continuous learning and keeping up-to-date with the latest trends, technologies, and best practices in DLP and insider threat detection and mitigation.

Top Skills & Experience

  • Experience/familiarity with MacOS and GSuite
  • Expertise in SaaS application configurations to support DLP and Insider Trust use cases
  • Experience creating regex for custom data classification needs
  • Deep understanding of data environments and data movement, including protecting endpoints, data threat vectors, and relevant mitigating controls
  • Splunk proficiency, including API integration and joining indices
  • Deep understanding of insider threat TTPs and technologies
  • Experience conducting source and subject interviews

Bonus points:

  • Prior experience on an Insider Threat/Counterintelligence Program
  • Experience in Security Operations and/or Digital Forensics & Incident Response (DFIR)
  • Experience in a cloud-native company
  • Experience in the financial sector

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. You can view comp zones for our US office locations in the table below. For other locations not listed, compensation can be discussed with your recruiter during the interview process.

Office locations (by comp zone)
US Zone 1: Menlo Park, NYC, Seattle, Washington DC
US Zone 2: Denver, Westlake (Dallas), Chicago
US Zone 3: Lake Mary

We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.

Robinhood promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review Robinhood's Privacy Policy please visit Robinhood - US Applicant Privacy Policy. If you are an applicant located in the UK or EEA, please visit the Robinhood UK/EEA Applicant Privacy Policy.

Click here to learn more about Robinhood’s Benefits.