Senior Security Engineer, AI Vulnerability Management

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. 

At Robinhood, we view security as an engineering and design challenge, not an administrative one. We are looking for a lead architect for our next-generation automated defense systems. As a Senior Vulnerability Management Engineer, you will transform the program into a self-scaling security platform that transcends traditional "scan-and-patch" cycles. You will lead the shift to an Intelligence-Driven Defense model by leveraging Agentic AI and Machine Learning to automate the discovery, prioritization, and remediation of risk at scale, ultimately making security "cheap" for our developers.

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams. 

What you’ll do

• Set Strategic RBVM Vision: Act as the technical lighthouse, defining the multi-year roadmap and driving the move toward Risk-Based Vulnerability Management (RBVM), prioritizing vulnerabilities based on real-world exploitability and business context.
• Architect Agentic AI Systems: Design and deploy AI agents that autonomously triage findings, correlate threat intelligence, and generate production-ready remediations (e.g., automated Pull Requests for dependency updates and config drift).
• Build Exposure Intelligence: Develop systems that correlate vulnerabilities with runtime context and infrastructure topology (Kubernetes/AWS) to accurately model real-world blast radius and ensure engineers only fix what is actually exploitable.
• Automate Triage & Self-Healing: Create "paved roads" and CI/CD guardrails that prevent specific vulnerability categories from ever reaching production, reducing manual toil for the entire engineering organization.
• Data-Centric Visibility: Build high-fidelity dashboards using LLM-powered summarization to translate complex security signals into actionable insights for engineering leadership.
• Lead Emergency Response: Orchestrate the technical response to high-impact zero-days by rapidly performing cross-environment blast-radius analysis.
• Drive Execution Ownership: Take full ownership of operational security work, ensuring that critical vulnerabilities are systematically eradicated while maintaining high engineering velocity.

What you bring

• Experience: 5+ years in Security Engineering with a track record of leading high-impact automation or security platform initiatives at a Senior or Staff level.
• AI & Agentic System Fluency: Hands-on experience building or deploying agentic systems or LLM orchestration frameworks (e.g., LangChain, AutoGPT) to solve complex security or engineering problems at scale.
• Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty programs; a deep understanding of how attackers exploit vulnerabilities and how to translate those findings into systemic fixes.
• Engineering Excellence: Strong software engineering background with proficiency in Go or Python and a history of building scalable, API-driven security tooling.
• Modern Infrastructure Depth: Deep knowledge of securing AWS and Kubernetes-based architectures.
• Vulnerability Domain Knowledge: High familiarity with vulnerability categories, exploitability, and modern risk frameworks (CVSS, EPSS, CISA KEV).
• Detection Ecosystems: Experience with modern platforms like Snyk, Semgrep, Wiz, EndorLabs, or TruffleHog.
• Velocity Mindset: A commitment to reducing security friction and a track record of working effectively with high-velocity engineering teams.

Nice to have

• Fintech Experience: Experience navigating security in highly regulated or high-growth financial environments.
• Security as Code: Experience implementing "Security as Code" within large-scale CI/CD environments.

What we offer

• Challenging, high-impact work to grow your career.
• Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.
• Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.
• Lifestyle wallet — a highly flexible benefits spending account for wellness, learning, and more.
• Employer-paid life & disability insurance, fertility benefits, and mental health benefits.
• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
• Exceptional office experience with catered meals, events, and comfortable workspaces.