Sr. Security Application Engineer
About Rippling
Rippling is the first way for businesses to manage their HR & IT — from payroll and benefits, to employee computers and apps — all in one, modern system.
In just 90 seconds, a company can set up (or disable) an employee’s payroll, health insurance, work computer, and third-party apps, like Gmail, Microsoft Office, and Slack. It’s the only platform that truly unifies every employee system, and automates all of the administrative work.
Rippling is headquartered in San Francisco and has raised $60M in Series A funding from top-tier investors, including Kleiner Perkins, Initialized, DFJ, and Y Combinator.
About the Role:
We're looking for a hands-on senior security engineer to play a key role in building out Rippling's security program. The breadth of Rippling's product provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business. As an early member of Rippling's security team, you'll have an outsized impact on the priorities and direction of the security program.
You Will:
- Identify and model threats
- Implement technologies and processes to prevent attacks at all layers across Rippling's network and application
- Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation.
- Review application designs and solutions. Provide assessments.
- Establish software development practices that make security an integral part of the development process
- Help build a world-class security team
- Run external penetration testing
- Manage a bug bounty program
- Utilize security tools for the appsec program, such as static and dynamic code analysis tools, and develop a continual improvement program.
Requirements:
- 3+ years of experience in a security engineering function
- Fluency with application security
- Deep familiarity with common application vulnerabilities and how to prevent them
- Experience in application development with at least one modern programming language.
- Proven track record of taking initiative and leading projects
- Ability to balance risk and other tradeoffs in a dynamic environment
- Knowledge of web application architectures
- Knowledge of threat modeling
- Knowledge of dynamic code scanners such as AppScan or Qualys.
Bonus Points For:
- Familiarity with identity management protocols (e.g. OpenID, SAML, OAuth, LDAP) and related security principles
- Familiarity with device management (e.g. MDM) and related security principles
- Experience with penetration testing or red team exercises
Benefits
- Medical, dental, vision, FSA, HSA, life, disability and commuter benefits
- Unlimited PTO
- Top-tier veteran founding team & investors
- Meeting-light culture and daily catered lunch empower you to get the most done
- Competitive compensation (salary, equity)
Rippling is an equal opportunity employer.