Staff Product Security Engineer

About Rippling

Rippling is the first way for businesses to manage all of their HR & IT payroll, benefits, computers, apps, and more in one unified workforce platform.

By connecting every business system to one source of truth for employee data, businesses can automate all of the manual work they normally need to do to make employee changes.

Take onboarding, for example. With Rippling, you can just click a button and set up a new employees’ payroll, health insurance, work computer, and third-party apps like Slack, Zoom, and Office 365 all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.2B from the world’s top investors including Kleiner Perkins, Founders Fund, Sequoia, Bedrock, and Greenoaks and was named one of America’s best startup employers by Forbes (#12 out of 500).

About The Role

We're looking for a hands-on staff security engineer to play a key role in building Rippling's security program. Rippling's product’s scope provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business.

As an early member of Rippling's security team, you'll have a meaningful impact on the security program’s priorities and direction.

About the team

We are a diverse team of skilled security engineers that are passionate about pushing the boundaries of security practices.

We look to collaborate with our Engineering partners to find the right solution for our interesting challenges. Our team thrives on re-imagining approaches to traditional security to secure our vast ecosystem.

Our achievements are shared through our blogs and at conferences and meetups.

A little more about our team :

Our Infrastructure Security team shared a blog about how they streamlined AWS access

We spoke at BSides SF about attacking and defending infrastructure with terraform

Our Product Security lead talked about the Future Application Security Engineers

Our Security Engineering lead talk about an innovative way to reduce vulnerabilities in your organization

What You'll Do

Build security tooling and automations to help scale the Product Security team’s practices

Threat-model application designs and solutions and provide security assessments.

Audit source code and perform code review for critical application changes

Mentor software engineering teams in security best practices

Provide hands-on remediation guidance to development teams

Review & establish software development practices that make security an essential part of the development process

Develop / Integrate security into the Software Development Life Cycle

Qualifications

8+ years of experience in an product security role

Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities

Deep understanding of securing web applications

Fluency in Python, React, and Django Rest Framework

Experience with manual source code review, and embedding security to code in production environments.

Experience with deploying application security tools in the CI / CD pipeline

Experience with securing software development lifecycle including building programs that eliminate full classes of vulnerabilities

Bonus Points

• Good understanding of SSO, including OAUTH, SAML
• Experience with speaking at meetups or conferences
• Experience running a bug bounty program

Additional Information

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process.

To request a reasonable accommodation, please email [email protected]

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture.

For office-based employees (employees who live within a 40 mile radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location;

see which tier applies to your location here .

A variety of factors are considered when determining someone’s compensation including a candidate’s professional background, experience, and location.

Final offer amounts may vary from the amounts listed above.