Staff Product Security Engineer

About The Role

We're looking for a hands-on staff security engineer to play a key role in building Rippling's security program. Rippling's product’s scope provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business. As an early member of Rippling's security team, you'll have a meaningful impact on the security program’s priorities and direction.

About the team

We are a diverse team of skilled security engineers that are passionate about pushing the boundaries of  security practices. We look to collaborate with our Engineering partners to find the right solution for our interesting challenges. Our team thrives on re-imagining approaches to traditional security to secure our vast ecosystem.

Our achievements are shared through our blogs and at conferences and meetups. 

A little more about our team:

• Our Infrastructure Security team shared a blog about how they streamlined AWS access 

• We spoke at BSides SF about attacking and defending infrastructure with terraform

• Our Product Security lead talked about the Future Application Security Engineers

• Our Security Engineering lead talk about an innovative way to reduce vulnerabilities in your organization 

What You'll Do

• Develop and maintain a security architecture strategy, evaluate security technologies, and ensure compliance through design and architecture reviews.

• Provide full SDLC support for new product features developed by engineering and non-engineering teams, including threat modeling, design reviews, manual code reviews, and exploit writing.

• Conduct system security and vulnerability analyses, provide risk mitigation recommendations, and mentor team members in security best practices.

• Build automations or secure paved paths to make it easier for Product Security to scale with the business.

Qualifications

• 10+ years of experience in an product security role

• Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities

• Familiar with security frameworks (e.g., NIST SSDF) and regulations (e.g., GDPR, HIPAA).

• Deep understanding of securing web applications

• Fluency in Python, React, and Django Rest Framework

• Experience with manual source code review, and embedding security to code in production environments.

• Experience with deploying application security tools in the CI/CD pipeline

• Experience with securing software development lifecycle including building programs that eliminate full classes of vulnerabilities

Bonus Points

• Good understanding of SSO, including OAUTH, SAML
• Experience with speaking at meetups or conferences
• Experience running a bug bounty program