
Robinhood
Mid
Build and tune detection logic across SIEM, EDR, and cloud telemetry for Robinhood's SecOps team
This role sits on Robinhood's Security Operations team, investigating alerts across SIEM, EDR, and cloud platforms, writing and tuning detection rules with query languages, and contributing to SOAR automation. It's hands-on detection engineering and incident response work based in Ljubljana, with an on-call rotation.
Step into this interview
Free · a live voice mock calibrated to this exact role
What this interview tests
- Detection rule development and tuning (SIEM/EDR/cloud)
- Query languages for detections (KQL, SQL-like)
- Alert investigation, log correlation, and containment
- Threat hunting across cloud and endpoint environments
- SOAR automation and playbook development
- Incident documentation and post-incident reviews
Common question themes
Describe a detection rule you built or tuned and its measurable impact on false positives
Walk through an incident investigation from alert to containment
How do you correlate telemetry from multiple sources to spot an attack pattern
Tell me about a threat hunt you initiated without a pre-existing alert
What SOAR playbook or automation have you built or improved
How do you write up incident findings for both technical and cross-team audiences
Related interviews

Robinhood
Mid
Machine Learning Engineer

Robinhood
Senior
Senior Machine Learning Engineer

Robinhood
Senior
Senior Product Manager, Crypto Trading

Notion
Mid
Security Engineer, Detection and Response

Netflix
Mid
Security Software Engineer (L4), Detection Engineering

Databricks
Senior