About this role
Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.
We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact.
Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.
The Security & Privacy Engineering team works to identify, understand, and reduce security risk across Robinhood’s products and infrastructure. Within this organization, the Penetration Testing team focuses on uncovering vulnerabilities through structured testing, threat modeling, and security research. The team partners closely with engineering to strengthen system design and improve long-term security outcomes. You will help make our systems safer for millions of customers!
As a Penetration Tester, you will conduct hands-on security assessments of applications, services, and infrastructure while contributing to improvements in detection and prevention. You will review source code, analyze business logic risks, and validate vulnerabilities identified through automated systems. This role includes working directly with engineers to remediate issues and, at times, contributing code changes. You will also research new attack techniques and share findings internally and externally to strengthen security practices!
This role is based in our Bellevue, WA, USA and Toronto, ON, Canada office(s), with in-person attendance expected at least 3 days per week.
At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.
● Perform application security assessments, including manual penetration testing, design reviews, and code reviews in Go and Python
● Conduct threat modeling for critical systems and explain risks in terms of business logic, fraud scenarios, and customer impact
● Review and triage bug bounty submissions, validating findings and prioritizing remediation
● Improve detection coverage by validating automated findings and developing scripts or configurations to enhance security tooling
● Work with engineering teams to remediate vulnerabilities, including suggesting fixes and contributing code changes when appropriate
● You have 3–5+ years of experience in penetration testing, application security, or security engineering
● You can read and review Go and Python source code to identify security issues
● You understand web application security concepts, authentication and authorization models, and common vulnerability patterns
● You have experience identifying business logic flaws and application-layer abuse scenarios
● You can clearly communicate technical risks to both technical and non-technical audiences
● Challenging, high-impact work to grow your career
● Performance-driven compensation with multipliers for outsized impact, bonus programs, and equity ownership
● Top-tier benefits to fuel your work, including supplemental health insurance, ancillary insurance, and mental health support programs
● Lifestyle wallet - a highly flexible employer-paid benefits spending account for expenses beyond traditional benefits such as wellness, childcare, learning, and more.
● Time off to recharge including company holidays, paid time off, sick time, paid volunteer time off, parental leave, and more!
● Exceptional office experience with catered meals, events, and comfortable workspaces.
● Monthly commuter stipend to help offset in-office commuting costs
In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process.
Base Pay Range:
Click here to learn more about our Total Rewards, which vary by region and entity.
If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.
Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.