全部面试
Robinhood logo

Robinhood

Mid

Build and tune detection logic across SIEM, EDR, and cloud telemetry for Robinhood's SecOps team

This role sits on Robinhood's Security Operations team, investigating alerts across SIEM, EDR, and cloud platforms, writing and tuning detection rules with query languages, and contributing to SOAR automation. It's hands-on detection engineering and incident response work based in Ljubljana, with an on-call rotation.

走进这场面试

免费 · 一场按这个岗位校准的真语音模拟

练这场面试

这场面试考什么

  • Detection rule development and tuning (SIEM/EDR/cloud)
  • Query languages for detections (KQL, SQL-like)
  • Alert investigation, log correlation, and containment
  • Threat hunting across cloud and endpoint environments
  • SOAR automation and playbook development
  • Incident documentation and post-incident reviews

常见提问方向

Describe a detection rule you built or tuned and its measurable impact on false positives

Walk through an incident investigation from alert to containment

How do you correlate telemetry from multiple sources to spot an attack pattern

Tell me about a threat hunt you initiated without a pre-existing alert

What SOAR playbook or automation have you built or improved

How do you write up incident findings for both technical and cross-team audiences

查看原始招聘页

相关面试