Staff Security Analyst, Threat Intelligence

About The Position

Requirements

• 8–12+ years of total experience, including 3–5+ years operating at a senior or staff-level scope in threat intelligence, brand protection, or cyber investigations.
• Hands-on experience tracking criminal ecosystems tied to phishing, scams, impersonation, fraud, and infrastructure abuse, and the ability to move from isolated indicators to campaign- and actor-level analysis.
• Deep familiarity with domain registration patterns, DNS and certificate transparency analysis, cloud and hosting abuse across providers (e.g., AWS, GCP, Azure, VPS), and attacker monetization methods.
• Experience using OSINT tooling, SQL, Python, notebooks, SIEM or SOAR platforms, OpenCTI, and case management systems to analyze data and automate workflows.
• Ability to translate complex technical threats into clear business risk for technical teams and executive audiences through strong written and verbal communication.
• Experience mentoring others or leading initiatives across teams, with a high level of accountability and sound risk judgment in ambiguous situations.

Nice To Haves

• Experience with crypto investigations or on-chain analysis.
• Background in highly regulated industries such as fintech, financial services, payments, crypto, healthcare, or government.

Responsibilities

• Proactively hunt and map criminal ecosystems targeting Robinhood and its customers, then translate intelligence into scalable systems and coordinated defenses that disrupt adversaries before they cause harm.
• Build and operationalize a comprehensive “Universe of Threats” by identifying, tracking, and prioritizing adversaries across phishing, scams, impersonation, fraud, and infrastructure abuse.
• Establish and mature a proactive threat intelligence lifecycle by developing industry partnerships, collaborating with trusted peers and federal authorities, and cultivating online personas to generate early warning capabilities that protect Robinhood’s business operations.
• Investigate attacker infrastructure across domains, DNS, certificate transparency logs, cloud providers, and telecom platforms, and convert findings into concrete detections, controls, and customer protections.
• Coordinate threat actor infrastructure takedowns with hosting providers, domain registrars, cloud platforms, and other infrastructure partners to disrupt adversary operations at scale.
• Design and automate intelligence workflows using OSINT tooling, enrichment pipelines, data analysis tools, and case management systems to scale analysis and reporting.
• Partner directly with Detection & Response, Automation, Customer Trust & Safety (Fraud and Financial Crimes), Security Engineering, Corporate Security, Risk, and executive leaders to prioritize threats based on measurable business risk.

Benefits

• Challenging, high-impact work to grow your career.
• Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.
• Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.
• Lifestyle wallet — a highly flexible benefits spending account for wellness, learning, and more.
• Employer-paid life & disability insurance, fertility benefits, and mental health benefits.
• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
• Exceptional office experience with catered meals, events, and comfortable workspaces.