Senior Security Analyst Threat Intelligence

You will operate at the forefront of advanced and evolving threats, actively hunt for phishing, scams, impersonation, fraud, and infrastructure abuse campaigns, and build scalable systems that turn intelligence into action. This role combines hands-on investigation, program design, mentorship, and stakeholder engagement. Your work will shape proactive controls and influence security decisions, strengthening the threat defense strategy.

Responsibilities

  • Proactively hunt and map criminal ecosystems targeting Robinhood and its customers, and translate intelligence into detections and coordinated defenses that disrupt adversaries before they cause harm.
  • Build and maintain a comprehensive "Universe of Threats" by identifying, tracking, and prioritizing adversaries across phishing, scams, impersonation, fraud, and infrastructure abuse.
  • Support and contribute to a proactive threat intelligence lifecycle through industry partnerships, collaboration with trusted peers and federal authorities, and cultivating online personas to generate early warning capabilities that protect Robinhood's business operations.
  • Investigate attacker infrastructure across domains, DNS, certificate transparency logs, cloud providers, and telecom platforms, and convert findings into concrete detections, controls, and customer protections.
  • Coordinate threat actor infrastructure takedowns with hosting providers, domain registrars, cloud platforms, and other infrastructure partners to disrupt adversary operations.
  • Leverage and improve intelligence workflows using OSINT tooling, enrichment pipelines, data analysis tools, and case management systems to scale analysis and reporting.
  • Partner with Detection & Response, Automation, Customer Trust & Safety (Fraud and Financial Crimes), Security Engineering, Corporate Security, and Risk to prioritize threats based on measurable business risk.

Requirements

  • 5+ years of total experience, including 2–3+ years operating at a senior scope in threat intelligence, brand protection, or cyber investigations.
  • Hands-on experience tracking criminal ecosystems tied to phishing, scams, impersonation, fraud, and infrastructure abuse, and the ability to move from isolated indicators to campaign- and actor-level analysis.
  • Familiarity with domain registration patterns, DNS and certificate transparency analysis, cloud and hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), and attacker monetization methods.
  • Experience using OSINT tooling, SQL, Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case management systems to analyze data and automate workflows.
  • Ability to translate complex technical threats into clear business risk for technical teams and immediate stakeholders through strong written and verbal communication.
  • Experience contributing to team initiatives and supporting peers, with a high level of accountability and sound risk judgment in ambiguous situations.

Benefits

  • Challenging, high-impact work to grow your career
  • Top-tier benefits to fuel your work, including supplemental health insurance, ancillary insurance, and mental health support programs
  • Lifestyle wallet - a highly flexible employer-paid benefits spending account for expenses beyond traditional benefits, such as wellness, childcare, learning, and more.
  • Time off to recharge including company holidays, paid time off, sick time, paid volunteer time off, parental leave, and more!
  • Exceptional office experience with catered meals, events, and comfortable workspaces.
  • Monthly commuter stipend to help offset in-office commuting costs
