CrawlJobs Logo

Engineering Manager, Offensive Security & Vulnerability Management

robinhood.com Logo

Robinhood

Location Icon

Location:
United States , Menlo Park

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

217000.00 - 255000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

Robinhood’s Security Operations team is seeking a strategic and technical Senior Manager to lead our Offensive Security and Vulnerability Management programs. In this role, you’ll drive our ability to proactively identify, assess, and reduce risk across the company by simulating advanced threat actor behaviors and maturing how we prioritize, and remediate vulnerabilities. You will also spearhead our Autonomic Security Operations strategy, scaling security through automation, codification, and continuous validation. By transforming security knowledge into reusable, testable artifacts, you’ll help deliver ongoing assurance in our controls and remediation efforts, while amplifying the deep expertise and impact of our teams. You’ll lead high-caliber teams focused on internal offensive security engagements, such as red teaming and penetration testing, as well as vulnerability research and agile vulnerability lifecycle management, working cross-functionally to translate findings into meaningful security and business outcomes.

Job Responsibility:

  • Lead the Offensive Security team in planning and executing red team operations, internal penetration tests, and adversary emulation campaigns
  • Oversee the Vulnerability Management team responsible for running our bug bounty program as well as continuous discovery, triage, and remediation of vulnerabilities across infrastructure, applications, and cloud environments
  • Define and drive the strategy for Autonomic Security Operations, investing in automated testing and validation pipelines that codify security knowledge and detection coverage
  • Partner closely with engineering, product, threat intelligence and detection & response stakeholders to ensure controls are continuously tested and vulnerabilities are effectively surfaced
  • Build processes, tooling, and dashboards to track and communicate vulnerability and control assurance metrics to stakeholder and leadership
  • Contribute to long-term security planning by identifying control gaps, operational bottlenecks, and opportunities to scale security through automation

Requirements:

  • 5+ years of experience in security
  • 3+ years managing technical teams in Offensive Security, Red Teaming, or Vulnerability Management
  • Strong technical foundations in adversary simulation, threat modeling, and vulnerability lifecycle management
  • Strategic thinking, translating offensive findings and vuln data into business risk language and operational improvements
  • Experience building and scaling automated security validation (e.g. Purple teaming, attack simulation, continuous testing frameworks)
  • Operating in complex challenging environments and networks
  • Influence across functions and driving remediation outcomes without direct authority
What we offer:
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces

Additional Information:

Job Posted:
December 11, 2025

Employment Type:
Fulltime
Work Type:
On-site work
Icon
Robinhood - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Engineering Manager, Offensive Security & Vulnerability Management

Security Engineering Manager

Corporate Tools is looking for a Security Engineering Manager who eats vulnerabi...
Location
Location
Salary
Salary:
185000.00 USD / Year
corporatetools.com Logo
Corporate Tools
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in Computer Science or equivalent experience
  • 5+ years building and securing software — hands‑on experience with web frameworks (Rails, Django, Node, etc.) and modern architectures
  • Proven application security expertise: secure SDLC, OWASP, threat modeling, exploit mitigation, and vulnerability remediation
  • Experience leading security or engineering teams — setting strategy, running scrums, conducting reviews, and mentoring talent
  • Strong knowledge of cloud environments (AWS, Azure, GCP) and securing databases (SQL/NoSQL) in production
  • Exposure to offensive and defensive security practices — red team, blue team, or incident response experience a plus
  • Ability to communicate risk and solutions to execs, engineers, and auditors — respected by hackers and trusted by leadership
  • Pragmatic mindset: knows when to enable speed, when to block, and how to automate guardrails to keep teams fast and safe
Job Responsibility
Job Responsibility
  • Lead 6 security engineers across three specialized teams: Red (offense), Blue (defense), and Orange (compliance)
  • Own the security strategy and execution for offensive testing, defensive monitoring, and compliance work — ensuring all three disciplines are aligned
  • Act as the technical anchor for the teams: review code, guide exploits, drive secure architecture decisions, and mentor engineers
  • Partner with product and engineering leads to embed security into development (threat modeling, secure coding, CI/CD guardrails)
  • Build internal security tools and automation that make it easier for product teams to ship securely
  • Oversee red team engagements and turn findings into actionable fixes, not just reports
  • Manage defensive capabilities — incident response, detection engineering, monitoring — and continually improve them
  • Ensure compliance frameworks (SOC2, ISO, PCI, etc.) are met without slowing innovation or creating unnecessary bureaucracy
  • Set a high technical bar: coach, mentor, and challenge engineers to pursue elegant, practical security solutions
  • Balance being a builder and a leader: stay hands‑on enough to earn respect from hackers, but prioritize leading and scaling the team’s impact
What we offer
What we offer
  • 100% employer-paid medical, dental and vision for employees
  • Annual review with raise option
  • 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
  • Paid Parental Leave
  • Up to 6% company matching 401(k) with no vesting period
  • Quarterly allowance
  • Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
  • Open concept office with friendly coworkers
Read More
Arrow Right

Senior Security Researcher

Endor Labs is building the Application Security platform for the software develo...
Location
Location
United States
Salary
Salary:
Not provided
https://www.endorlabs.com Logo
Endor Labs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in security research, vulnerability discovery, and offensive security
  • deep expertise in reverse engineering, exploit development, and software vulnerability analysis
  • strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
  • experience discovering and responsibly disclosing zero-day vulnerabilities
  • proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
  • proficiency in programming languages such as Python, Rust, or Go
  • strong analytical skills and the ability to conduct complex security research autonomously
  • excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences.
Job Responsibility
Job Responsibility
  • Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
  • develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
  • work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
  • publish research findings through technical blogs, white papers, and industry-leading security conferences
  • collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
  • contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
  • stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts.
What we offer
What we offer
  • Work with a world-class team dedicated to pushing the boundaries of security research
  • directly influence the security of modern software supply chains
  • a culture that values innovation, collaboration, and continuous learning
  • competitive compensation, flexible work environment, and a generous benefits package
  • opportunity to present groundbreaking research and contribute to the global security community.
  • Fulltime
Read More
Arrow Right

Cloud Security Engineer

The Cloud Security Analyst performs all processes and procedures necessary to en...
Location
Location
Brazil , São Paulo
Salary
Salary:
Not provided
knowbe4.com Logo
KnowBe4
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in information security, information systems, or similar preferred
  • Relevant industry certification in information security, cloud security or similar preferred
  • Certifications in AWS, Azure and specifically AWS Security highly desirable
  • Demonstrated practical knowledge in cloud computing, cloud security, information security, IT, internet concepts
  • Some experience with infosec testing tools and scripts
  • Some experience with offensive cloud security
  • Familiar with application development concepts: servers, databases, coding, API’s, containers, logging, troubleshooting
  • Some experience working with Terraform/CloudFormation
  • Familiar with OWASP top 10 and MITRE ATT&CK Framework
  • Understanding of MITRE ATT&CK matrix
Job Responsibility
Job Responsibility
  • Responds to security alerts created across infosec alerting systems
  • Perform continuous monitoring and triage of security alerts from SIEM, CSPM, CWPP, and other cloud security tools
  • Serve as the primary responder for cloud security incidents, leading the investigation, containment, eradication, and recovery efforts
  • Creates new security alerts and dashboards related to cloud security
  • Triage cloud security findings
  • Performs threat hunting across information security log feeds
  • Monitor for, investigate, and respond to security incidents
  • Performs root cause analysis on identified vulnerabilities and identified incidents
  • Perform security reviews and penetration testing across company cloud infrastructure
  • Stay informed on the latest vulnerabilities
What we offer
What we offer
  • company-wide bonuses based on monthly sales targets
  • employee referral bonuses
  • adoption assistance
  • tuition reimbursement
  • certification reimbursement
  • certification completion bonuses
  • modern, high-tech, and fun work environment
  • Fulltime
Read More
Arrow Right

Product Security Test Engineer

As part of our HPE Operations Cybersecurity Lab, the Security Systems/Software E...
Location
Location
Puerto Rico , Aguadilla
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent
  • Typically 4-6 years experience
  • Expertise in multiple software systems design tools and languages
  • Experience of relational database management systems and their query languages (e.g. SQL)
  • Strong Experience writing software using any modern language and technology stack, i.e Python, Javascript, and frameworks for building APIs and user interfaces
  • Knowledge of tools like Metasploit, Nmap, Burp Suite, Wireshark, vulnerability scanning tools, network mapping, and packet analysis
  • Experience in overall architecture of software systems for products, solutions and IT systems
  • Expertize working in a DevSecOps environment
  • Knowledge of OWASP Top 10 vulnerabilities, web-based attacks (SQL injection, XSS, CSRF), and web protocols
  • Experience with encryption methods and their applications
Job Responsibility
Job Responsibility
  • Designs security enhancements, updates, and programming changes for portions and subsystems of systems software, including operating systems, compliers, networking, utilities, databases, and Internet-related tools
  • Analyzes design and determines coding, programming, and integration activities required based on security requirements and general objectives and knowledge of overall architecture of product or solution
  • Design, develop, test, and maintain robust, scalable, and high-quality security and software solutions
  • Supports application and systems security strategy, architecture and roadmaps, review application architectures, code and system services from a security perspective
  • Writes and executes complete security testing plans, protocols, and documentation for assigned portion of application
  • identifies and debugs, and creates solutions for issues with code and integration into application architecture
  • Leads a project team of other software systems engineers and internal and outsourced development partners to develop reliable, cost effective and high quality solutions for assigned systems portion or subsystem
  • Collaborates and communicates with management, internal, and outsourced development partners regarding software systems design status, project progress, and issue resolution
  • Represents the software systems engineering team for all phases of larger and more-complex development projects
  • Provides guidance and mentoring to less-
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Senior Detection Engineer

This is a detection engineering role that leverages knowledge of monitoring, ana...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.marriott.com Logo
Marriott Bonvoy
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 3+ years of collective experience in Splunk SIEM (Splunk Enterprise Security) threat detection use case development or UEBA (Exabeam) use case development for insider threat use case development
  • 5+ years of experience in security functions such as SOC, CIRT, security engineering, risk management, vulnerability management or technical infrastructure operations, administration, or systems engineering
  • scripting or programming language, including Python
  • Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) preferred
  • offensive and defensive security certifications such as CEH, IGAC Cyber Defense, OSCP or other related certifications preferred
  • Splunk Certification, including Splunk Enterprise Security Certified Admin preferred
  • use case development experience on the Exabeam platform preferred
  • working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022 preferred
  • working knowledge of the MITRE ATT&CK Framework preferred
Job Responsibility
Job Responsibility
  • Lead collaboration sessions within the cyber security tower and other business units to devise security monitoring use cases
  • engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate
  • document prospective security monitoring use cases with MITRE ATT&ACK mappings using standard templates and methodologies
  • inform and consult other cyber ops teams of required data onboarding and integrations for use case development
  • develop analytics, correlation searches, dashboards, reports and alerts within the SIEM and UEBA platforms
  • solicit feedback for pre-production security monitoring content through peer review process and user acceptance testing for tuning
  • document developed security monitoring content in a documentation registry using department standard templates and methodologies
  • manage field mapping and transmission of security monitoring alerts to the security incident response platform for SOC analyst consumption as outlined in process documentation
  • provide governance support for the content development function entailing content development standards compliance, change management approvals for SIEM or UEBA content, and lifecycle management of developed security monitoring content
  • service operational requests in queue such as analytics content performance tuning, filtering, search refinement, parsing issues
  • Fulltime
Read More
Arrow Right

Security Engineer

We are seeking a highly skilled and talented Security Engineer to join our team....
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
redcloudtechnology.com Logo
RedCloud
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security, with a deep understanding of secure coding practices, secure development methodologies, and common application vulnerabilities
  • Strong knowledge of web application technologies, programming languages (such as Java, Python, or JavaScript), web frameworks, and associated security controls
  • Relevant certifications such as Advanced Web Attacks and Exploitation (OSWE), or Offensive Security Certified Professional (OSCP) are highly desirable
  • Excellent analytical and problem-solving abilities to identify and address application security vulnerabilities effectively
  • Strong communication skills, both verbal and written, to effectively convey complex application security concepts to technical and non-technical stakeholders
  • Demonstrated ability to adapt quickly to changing application security landscapes, think strategically, and make sound decisions under pressure
  • High ethical standards, maintaining confidentiality and demonstrating a commitment to the organisation's values and secure application development
  • Proactive approach to self-development, staying updated on the latest application security practices, techniques, tools, and industry trends
  • A strong background in both enterprise security and product security, with experience in multinational organisations
  • Hands-on experience with security frameworks such as ISO27001, SOC2, and SOX
Job Responsibility
Job Responsibility
  • Application Security Assessments: Conduct thorough security assessments of applications, including vulnerability assessments, penetration testing, and code reviews to identify and address potential security weaknesses
  • Secure Software Development: Collaborate with development teams to integrate security practices into the software development life cycle, ensuring secure coding techniques, security controls, and secure configuration management
  • Security Architecture: Design, implement, and maintain secure application architectures, frameworks, and guidelines, incorporating industry standards and best practices
  • Threat Modelling: Conduct threat modelling exercises to identify and prioritize potential security risks, assisting in the design and implementation of effective security controls
  • Secure Coding Guidelines: Develop and enforce secure coding guidelines, standards, and best practices, ensuring the proper implementation of security controls within application code
  • Vulnerability Management: Monitor and respond to security vulnerabilities and advisories, coordinating vulnerability scanning, patch management, and remediation activities
  • Incident Response: Participate in incident response activities related to application security incidents, including investigations, forensic analysis, and remediation efforts
  • Security Awareness and Training: Develop and deliver application security training and awareness programs to promote a culture of secure coding practices among developers and stakeholders
  • Security Tools and Automation: Evaluate, implement, and manage security tools and automation frameworks for continuous monitoring, testing, and security verification of applications
  • Research and Innovation: Stay updated on emerging application security threats, technologies, and industry trends, providing recommendations for continuous improvement and innovation
What we offer
What we offer
  • 25 Days Annual leave, increasing to 26 days after 12 months in the business
  • Enhanced Company Pension (Matched up to 5% & Salary Sacrifice)
  • Healthcare Cashplan with Medicash
  • Private Healthcare with Aviva
  • Life Insurance with AIG
  • Happl, our benefit platform which provides access to pre-negotiated discounts on a wide variety of services including entertainment, food, and fitness
  • Stock / Equity
Read More
Arrow Right

Staff Engineer Application Security

At Appen, we are at the forefront of data annotation and AI innovation, powering...
Location
Location
India , Hyderabad
Salary
Salary:
Not provided
appen.com Logo
Appen
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field
  • 10+ years of experience in Application Security, including secure software development and architecture
  • Strong knowledge of secure coding practices, OWASP Top 10, and common application vulnerabilities
  • Hands-on experience with security tools such as Snyk, SonarCloud, Burp Suite, Nessus, and others
  • Threat detection and incident response: familiar with security incidents, ability to develop proactive strategies to mitigate risks through close collaboration with teams
  • Familiarity with cloud security principles, preferably in AWS environments
  • Experience with CI/CD pipelines and integrating security into DevOps workflows (DevSecOps)
  • Strong scripting and automation skills (e.g., Python, Bash, or similar)
  • Excellent problem-solving skills and the ability to think like an attacker
  • Relevant certifications such as CISSP, OSCP, CEH, or similar are highly desirable
Job Responsibility
Job Responsibility
  • Lead the design and implementation of application security architecture across our SaaS platforms
  • Conduct security assessments, threat modelling, and code reviews to identify and mitigate vulnerabilities
  • Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
  • Collaborate with Engineering and Platform teams to integrate security best practices into the CI/CD pipeline
  • Perform penetration testing, security audits, and vulnerability assessments
  • Develop and maintain secure coding standards, guidelines, and training programs for engineering teams
  • Implement and manage security tools such as SAST, DAST, and other security automation solutions
  • Stay up to date with emerging security threats, technologies, and industry best practices
  • Respond to security incidents and work with incident response teams to investigate and remediate issues
  • Mentor and guide junior security engineers, fostering a culture of security awareness and continuous improvement
  • Fulltime
Read More
Arrow Right

Offensive Security Engineer

We are Citi’s Application, Platform and Engineering team, a start-up with the ex...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proficient in Golang
  • Production system builder with security focus - proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
  • Ethical hacking and penetration testing expertise - hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses
  • State-of-the-art security engineering with Go, Python, JavaScript - you build both security tools and secure production systems in fast-paced environments
  • HashiCorp Vault mastery - deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise-scale secrets management
  • Enterprise authentication & authorization - designing and implementing OAuth, JWT, RBAC, and complex identity systems with fine-grained access controls in business-critical applications
  • API security and threat modelling - securing REST/GraphQL APIs, conducting threat assessments, and implementing advanced security patterns in high-traffic production systems
  • AI/ML security and vulnerability research - understanding of LLM vulnerabilities, model security, prompt injection attacks, and AI-specific threat vectors through hands-on testing
  • Security automation and tooling – automating manual security processes
  • Cloud-native security - securing containerized applications in Kubernetes, service mesh security, and cloud-native security patterns at enterprise scale
Job Responsibility
Job Responsibility
  • Build secure AI products from 0-1 - Engineer production-grade, business-facing AI platforms with security built-in from day one
  • Ethical hacking and red team activities - Conduct penetration testing, vulnerability research, and attack simulation to make our products bulletproof
  • Design and build security tools and frameworks - Create automated security solutions that scale across fast-paced development cycles
  • Secure novel AI attack surfaces - Identify and mitigate LLM-specific vulnerabilities, prompt injection attacks, and AI model security risks through hands-on testing
  • Lead "shift left" security - Embed security practices throughout our rapid development lifecycle while maintaining velocity
  • Mentor security practices - Guide other engineers on secure coding, vulnerability remediation, and security-first thinking
What we offer
What we offer
  • 27 days annual leave (plus bank holidays)
  • A discretional annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy