Building Security to Unlock Engineering Velocity

Authors: Shreyas Sriram, Sujith Katakam

At Robinhood, we believe that safety and speed are complementary forces driving progress. SERA (Secure Enhanced Remote Approval) is our latest example — a platform that lets engineers approve securely from anywhere, combining strong authentication with intuitive design. It’s proof that when security and usability work together, innovation moves faster and safer than ever.


Security is at the center of our core values — Safety Always. It defines how we protect our customers, our data, and our infrastructure. At Robinhood, we believe strong security and great developer experience should go hand in hand, and we’re always looking for ways to make protection seamless in day-to-day engineering.

Earlier this year, our engineering and security teams came together to tackle one of those friction points: access approvals. Getting the right permissions is a normal part of software development, but for engineers at Robinhood, the process depended on using corporate laptops and VPN connections. We saw an opportunity to make the experience simpler and more efficient.

So we asked ourselves: Could we make this process faster and easier, while strengthening our security standards?


⚠️ The Challenge: Making Security Seamless

Picture this: it’s 7 PM on a Tuesday, and a production issue needs immediate attention. The on-call engineer is ready to respond, but the approver is away from their laptop. In the past, that meant a frustrating delay—finding the corporate device, connecting to the VPN, and authenticating just to approve a request.

At the time, many approvals happened through Slack. It was convenient, but it came with tradeoffs. Slack sessions could stay active for long periods, which reduced confidence that an approval reflected a fresh, intentional action. And because Slack-based workflows required public network access, they weren’t a good fit for our most sensitive systems.

To reduce that risk, we tightened our approach: certain types of access requests could only be approved from corporate devices connected to VPN. This improved our security posture but created friction for engineers, especially during off-hours or incident response. The result was slower approvals, longer wait times, and added pressure when speed mattered most.

We needed a way to keep security tight and ensure users weren’t met with friction in their work.


💡 The Breakthrough: Security and Usability Can Coexist

The breakthrough came from a simple question: how can we verify identity securely in a way that feels effortless to the user?

That idea led to SERA (Secure Enhanced Remote Approval), a new internal platform that allows employees to approve requests securely from any device—no VPN or managed laptop required. SERA combines modern authentication standards with Robinhood’s focus on usability, allowing people to complete approvals using the same biometrics they already use to unlock their phones or laptops.

By pairing a security-first mindset with an emphasis on user experience, SERA shows that safety and speed don’t have to be tradeoffs—they can reinforce each other.


🤝 How We Built It: Collaboration in Action

SERA was built through collaboration between Robinhood’s Security Engineering, Cryptography, and Infrastructure teams. Each brought deep expertise in different layers of our stack—and a shared goal of reducing friction for engineers without compromising trust.

Together, the teams designed a flow that starts in a high-trust environment and ends with flexibility.

  • Employees initiate credential setup from a corporate device connected to VPN, ensuring new secure credentials (known as passkeys) are created in a trusted environment.
  • Once enrolled, those same credentials can be used to approve requests from personal devices, using built-in biometric authentication.

Behind the scenes, SERA verifies each approval request, records the decision, and makes the result available to internal services—all while keeping high-privilege systems protected inside our network.

The outcome: a system that’s secure by design but intuitive to use.


📈 The Impact: Faster Approvals, Happier Engineers

Since rolling out SERA, users have noticed the difference immediately.

SERA now powers a growing share of internal approvals, handling over a quarter of all after-hours requests—the moments where quick action matters most. On average, approval times have improved by more than 20%, reducing the time engineers spend blocked and improving overall engineering velocity.

The feedback has been overwhelmingly positive. Users describe SERA as “a game changer” because it combines high assurance with everyday convenience.


🧠 Designing Security That Scales

Building a system like SERA isn’t just about speed; it’s about moving fast safely. The team took a thoughtful, layered approach to ensure that each design and engineering decision strengthened trust without adding friction.

  • Trusted enrollment: New credentials can only be initiated from within the VPN, ensuring they start from a verified, secure device.
  • Device trust: Each registration is tied to a specific device and browser context, providing continuity and control.
  • Risk-based approach: Today, SERA covers low- to medium-risk actions, while higher-sensitivity operations continue to use additional verification layers.
  • Auditability: Every approval leaves a tamper-evident record, giving us complete traceability for investigations and compliance.

These guardrails help ensure that as SERA scales, our confidence in every action remains just as strong.
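
The four guardrails above, modelled as an added example (this is not Robinhood's SERA code). The VPN address range, the class and function names, and the hash-chained log as the tamper-evident record are assumptions; `user_verified` stands in for the outcome of a verified passkey assertion.

```python
import hashlib
import ipaddress
import json

VPN_NET = ipaddress.ip_network("10.8.0.0/16")  # assumed VPN address range
ALLOWED_RISK = {"low", "medium"}               # higher tiers use other flows
GENESIS = "0" * 64

def _digest(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class ApprovalService:
    def __init__(self):
        self.credentials = {}  # credential_id -> enrolled user
        self.log = []          # each record commits to the one before it

    def _record(self, event):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        self.log.append({"event": event, "prev": prev, "hash": _digest(prev, event)})

    def enroll(self, user, credential_id, source_ip):
        # Trusted enrollment: accept new credentials only from the VPN range.
        ok = ipaddress.ip_address(source_ip) in VPN_NET
        if ok:
            self.credentials[credential_id] = user
        self._record({"type": "enroll", "user": user, "cred": credential_id, "ok": ok})
        return ok

    def approve(self, credential_id, request_id, risk, user_verified):
        # Any network is fine here, but the credential must be enrolled, the
        # assertion must carry user verification, and the risk must be in scope.
        user = self.credentials.get(credential_id)
        ok = bool(user is not None and user_verified and risk in ALLOWED_RISK)
        self._record({"type": "approve", "user": user, "request": request_id,
                      "risk": risk, "ok": ok})
        return ok

def verify_chain(log):
    # Recompute every link; an edited, reordered or mid-chain-deleted record breaks it.
    prev = GENESIS
    for rec in log:
        if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

Denied attempts are logged as well as granted ones, so the chain also shows enrollment attempts from outside the trusted network.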


🚀 What’s Next

SERA started as a way to speed up access approvals, but its potential goes far beyond that. The same foundation can support pull request approvals, deployment gating, and other human-in-the-loop workflows that require verified user intent.

More broadly, SERA embodies how we approach security at Robinhood: through engineering, not compromise.

We believe the safest systems are the ones that make it easy for people to do the right thing.


💚 Closing Thought

At Robinhood, we see security as something that enables our success — it is a design problem waiting to be solved. SERA is one example of how our teams work together to create solutions that protect users, empower engineers, and move fast responsibly.

If you're passionate about solving real-world security problems at scale—whether it's authentication, infrastructure hardening, or building next-gen detection—we'd love to hear from you.

👉 Check out our open roles on the careers page and join us in democratizing finance for all. Securely.

Ericka Chickowski

Business and Technology Writer: Covering cybersecurity, digital transformation, DevOps, and how tech impacts business.

2d

Hey Shreyas, I write for a number of cybersecurity/tech pubs. Would love to discuss your work on this if your PR team gives you their blessing.

Incredible job Shreyas Sriram and the entire team seeing this vision come to reality!
