Staff Security Analyst, Threat Intelligence

Overview Staff Security Analyst, Threat Intelligence – Join us in building the future of finance. Our mission is to democratize finance for all. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading. About the team + role: We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers and sharp problem-solvers. Robinhood isn’t a place for complacency; it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. The Threat Intelligence team reduces organizational risk by rapidly detecting, understanding, and disrupting adversary activity. We research criminal ecosystems targeting our brand, customers, and infrastructure, and translate intelligence into detections, controls, and customer protections. Our work enables Security, Engineering, Trust & Safety, and executive leaders to focus resources where risk is highest, with a commitment to protecting customers so they can participate confidently in the financial system. As a Staff Security Analyst, Threat Intelligence, you will operate at the forefront of advanced and evolving threats targeting Robinhood and our customers. You will actively hunt for emerging phishing, scam, impersonation, fraud, and infrastructure abuse campaigns while building scalable systems that turn intelligence into action. This role combines hands-on investigation, program design, mentorship, and stakeholder engagement. Your work will shape proactive controls, influence product and security decisions, and strengthen our overall threat defense strategy. This role is based in our Bellevue, WA; Menlo Park, CA; or New York City, NY offices, with in-person attendance expected at least 3 days per week. At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams. What you’ll do Proactively hunt and map criminal ecosystems targeting Robinhood and its customers, then translate intelligence into scalable systems and coordinated defenses that disrupt adversaries before they cause harm. Build and operationalize a comprehensive “Universe of Threats” by identifying, tracking, and prioritizing adversaries across phishing, scams, impersonation, fraud, and infrastructure abuse. Establish and mature a proactive threat intelligence lifecycle by developing industry partnerships, collaborating with trusted peers and federal authorities, and cultivating online personas to generate early warning capabilities that protect Robinhood’s business operations. Investigate attacker infrastructure across domains, DNS, certificate transparency logs, cloud providers, and telecom platforms, and convert findings into concrete detections, controls, and customer protections. Coordinate threat actor infrastructure takedowns with hosting providers, domain registrars, cloud platforms, and other infrastructure partners to disrupt adversary operations at scale. Design and automate intelligence workflows using OSINT tooling, enrichment pipelines, data analysis tools, and case management systems to scale analysis and reporting. Partner directly with Detection & Response, Automation, Customer Trust & Safety (Fraud and Financial Crimes), Security Engineering, Corporate Security, Risk, and executive leaders to prioritize threats based on measurable business risk. What you bring 8–12+ years of total experience, including 3–5+ years operating at a senior or staff-level scope in threat intelligence, brand protection, or cyber investigations. Hands-on experience tracking criminal ecosystems tied to phishing, scams, impersonation, fraud, and infrastructure abuse, and the ability to move from isolated indicators to campaign- and actor-level analysis. Deep familiarity with domain registration patterns, DNS and certificate transparency analysis, cloud and hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), and attacker monetization methods. Experience using OSINT tooling, SQL, Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case management systems to analyze data and automate workflows. Ability to translate complex technical threats into clear business risk for technical teams and executive audiences through strong written and verbal communication. Experience mentoring others or leading initiatives across teams, with a high level of accountability and sound risk judgment in ambiguous situations. Nice to have Experience with crypto investigations or on-chain analysis. Background in highly regulated industries such as fintech, financial services, payments, crypto, healthcare, or government. What we offer Challenging, high-impact work to grow your career. Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching. Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents. Lifestyle wallet — a highly flexible benefits spending account for wellness, learning, and more. Employer-paid life & disability insurance, fertility benefits, and mental health benefits. Time off to recharge including company holidays, paid time off, sick time, parental leave, and more! Exceptional office experience with catered meals, events, and comfortable workspaces. In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits. Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process. Base Pay Range: Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC) $191,000 - $225,000 USD Zone 2 (Denver, CO; Westlake, TX; Chicago, IL) $168,000 - $198,000 USD Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL) $150,000 - $176,000 USD Click here to learn more about our Total Rewards, which vary by region and entity. If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application. Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application. #J-18808-Ljbffr