Senior Penetration Tester

Join us in building the future of finance. Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading. About the team + role Our group is building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers & sharp problem-solvers. Individuals who are wired to make an impact. Robinhood is where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. The Penetration Testing team at Robinhood is a core part of our Offensive Security program and a key pillar within Security & Privacy Engineering. We work across the company to identify, understand, and reduce security risk through threat modeling, penetration testing, code reviews, and vulnerability research. Our team goes beyond simply finding issues—we take pride in fixing what we find, contributing to long-term improvements, and proactively helping teams build safer systems from the start. As a Senior Penetration Tester, you'll be a hands-on contributor to our internal application security testing program. You'll perform proactive security assessments, research emerging threats, scale the team via AI and automation, and work directly with engineers to design and implement fixes. This is a highly collaborative role that combines technical depth, creativity, and clear communication to protect our customers and our platform. This role is based in our Bellevue, WA office, with in-person attendance expected at least 3 days per week. At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams. What you’ll do Perform application security assessments, including code reviews (primarily Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure. Build and operate AI-assisted tools (e.g. LLM-based code review, AI-driven fuzzing, agentic recon pipelines) to increase testing throughput and coverage. Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact. Collaborate on the triage of bug bounty submissions. Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration. Work cross-functionally with engineers to mitigate issues, often contributing detection strategies, and occasionally direct code fixes (via pull requests). Research emerging threats, new technologies, and attack techniques to evolve offensive and defensive capabilities of AI/ML systems. Publish technical blog posts, speak at industry conferences, or share insights with the wider security community. Advocate for security and privacy across engineering and product development teams. What you bring 5+ years of experience in penetration testing, application security, or security engineering. Proactive communication and engagement with stakeholders. Demonstrated impact using AI tools (models, agentic frameworks, et al) as force multipliers in security work. Proficiency in auditing and exploiting Go and Python services. Strong grasp of application security principles, authentication and authorization models, and common vulnerability patterns. Experience with vulnerability research, business logic flaws, and application-layer misuse patterns. Experience targeting AI/ML systems: prompt injection, tool/agent misuse, context and model exfiltration, and the broader stack (RAG pipelines, MCP servers, agentic frameworks). Working knowledge of cryptocurrency and blockchain security: custody and signing flows, wallet and key-management design, on-chain integrations, and misuse patterns specific to digital-asset movement (transfer validation, replay, signature handling, bridge/staking integrations). Familiarity with Linux systems, intrusion detection, and common log formats. Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes). Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices. Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders. Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA. This position is restricted to US citizens or lawful permanent residents due to legal requirements. Bonus points Experience in the financial technology (fintech) industry or highly regulated environments. Passion for improving security through fixing—not just finding—vulnerabilities. Demonstrated history of challenging security assumptions and creatively solving complex problems. What we offer Challenging, high-impact work to grow your career Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching Best in class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more Employer-paid life & disability insurance, fertility benefits, and mental health benefits Time off to recharge including company holidays, paid time off, sick time, parental leave, and more! Exceptional office experience with catered meals, events, and comfortable workspaces. In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits. Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process. Base Pay Range: Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC) $187,000—$220,000 USD Zone 2 (Denver, CO; Westlake, TX; Chicago, IL) $165,000—$194,000 USD Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL) $146,000—$172,000 USD Click here to learn more about our Total Rewards, which vary by region and entity. If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application. Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.