Top Benefits
About the role
Join us in building the future of finance.
Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.
About the team + role
The Penetration Testing team at Robinhood is a core part of our Offensive Security program and a key pillar within Security & Privacy Engineering. We work across the company to identify, understand, and reduce security risk through threat modeling, penetration testing, code reviews, and vulnerability research. Our team goes beyond simply finding issues—we take pride in fixing what we find, contributing to long-term improvements, and proactively helping teams build safer systems from the start.
As a Penetration Tester, you'll be a hands-on contributor to our internal application security testing program. You'll perform manual assessments, research emerging threats, scale the team with automation, and work directly with engineers to design and implement fixes. This is a highly collaborative role that combines technical depth, creativity, and clear communication to protect our customers and our platform.
The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.
What you’ll do
- Perform application security assessments, including code reviews (primarily Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure.
- Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact.
- Collaborate on the triage of bug bounty submissions.
- Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration.
- Work cross-functionally with engineers to mitigate issues, often contributing detection strategies, and occasionally direct code fixes (via pull requests).
- Research emerging threats, new technologies, and attack techniques to inform internal security guidance and testing approaches.
- Publish technical blog posts, speak at industry conferences, or share insights with the wider security community.
- Advocate for security and privacy across engineering and product development teams.
What you bring
- 3–5+ years of experience in penetration testing, application security, or security engineering.
- Proficiency in reading and reviewing Go and Python source code.
- Strong grasp of web application security principles, authentication and authorization models, and common vulnerability patterns.
- Experience with vulnerability research, business logic flaws, and application-layer abuse patterns.
- Familiarity with Linux systems, intrusion detection, and common log formats.
- Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes).
- Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices.
- Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders.
- Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA.
Bonus points
- Experience in the financial technology (fintech) industry or highly regulated environments.
- Passion for improving security through fixing—not just finding—vulnerabilities.
- Demonstrated history of challenging security assumptions and creatively solving complex problems.
In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed.
Base Pay Range:
Toronto, ON
$114,750 - $135,000 CAD
Click here to learn more about our Total Rewards, which vary by region and entity.
If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.
Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.
Top Benefits
About the role
Join us in building the future of finance.
Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.
About the team + role
The Penetration Testing team at Robinhood is a core part of our Offensive Security program and a key pillar within Security & Privacy Engineering. We work across the company to identify, understand, and reduce security risk through threat modeling, penetration testing, code reviews, and vulnerability research. Our team goes beyond simply finding issues—we take pride in fixing what we find, contributing to long-term improvements, and proactively helping teams build safer systems from the start.
As a Penetration Tester, you'll be a hands-on contributor to our internal application security testing program. You'll perform manual assessments, research emerging threats, scale the team with automation, and work directly with engineers to design and implement fixes. This is a highly collaborative role that combines technical depth, creativity, and clear communication to protect our customers and our platform.
The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.
What you’ll do
- Perform application security assessments, including code reviews (primarily Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure.
- Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact.
- Collaborate on the triage of bug bounty submissions.
- Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration.
- Work cross-functionally with engineers to mitigate issues, often contributing detection strategies, and occasionally direct code fixes (via pull requests).
- Research emerging threats, new technologies, and attack techniques to inform internal security guidance and testing approaches.
- Publish technical blog posts, speak at industry conferences, or share insights with the wider security community.
- Advocate for security and privacy across engineering and product development teams.
What you bring
- 3–5+ years of experience in penetration testing, application security, or security engineering.
- Proficiency in reading and reviewing Go and Python source code.
- Strong grasp of web application security principles, authentication and authorization models, and common vulnerability patterns.
- Experience with vulnerability research, business logic flaws, and application-layer abuse patterns.
- Familiarity with Linux systems, intrusion detection, and common log formats.
- Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes).
- Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices.
- Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders.
- Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA.
Bonus points
- Experience in the financial technology (fintech) industry or highly regulated environments.
- Passion for improving security through fixing—not just finding—vulnerabilities.
- Demonstrated history of challenging security assumptions and creatively solving complex problems.
In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.
Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed.
Base Pay Range:
Toronto, ON
$114,750 - $135,000 CAD
Click here to learn more about our Total Rewards, which vary by region and entity.
If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.
Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.