Design a secure trading app on AWS
Company: Robinhood
Role: Software Engineer
Category: System Design
Difficulty: medium
Interview Round: Technical Screen
## Scenario
Design a **secure, Robinhood-like mobile/web application on AWS**, with a deep dive into:
1. **User profile management** (account creation, authentication, PII storage, profile updates)
2. **Stock query** (searching symbols and retrieving near-real-time quotes)
Assume this is a regulated financial product (PII, auditability, strong security). You may treat **order placement/execution** as out of scope unless needed for completeness.
## Functional requirements
### User profile management
- Sign up / sign in / sign out
- MFA support
- Store and manage user profile data (name, email/phone, address, KYC status, preferences)
- Allow profile updates (with appropriate authorization and audit trail)
- Account recovery (password reset)
### Stock query
- Search stocks by ticker/company name (prefix search)
- Fetch a quote for a symbol (price, bid/ask, timestamp)
- Handle high read QPS with low latency
## Non-functional requirements
- Strong security: encryption, least privilege, secrets management, WAF/rate limiting
- Compliance/audit: immutable logs of profile changes and access
- High availability and scalability
- Reasonable freshness for quotes (e.g., seconds), with graceful degradation
## Deliverables
- High-level architecture on AWS
- Key data models/stores
- API surface (example endpoints)
- Security model and threat mitigations
- Scalability and reliability approach (caching, multi-AZ/region, DR)
Quick Answer: This System Design question evaluates secure cloud-based architecture on AWS, covering competencies in authentication and authorization, PII handling and auditability, API and data model design, and scalable low-latency market-data retrieval.