Senior Security Engineer - Detection and Response
About the job
We're looking for a hands-on senior security engineer to play a key role in Rippling's security program. As a member of Rippling's security team you will automate day-to-day DART tasks, collect data to report on the success of our protective controls, and write new detection logic. You will work closely with other members of the security and broader engineering organizations to enhance and support our security efforts.
What You’ll Do
Develop and run tools to gather security telemetry data from cloud production systems
Automate workflows and improve identification and response time for security events
Build and optimize detection rules
Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently to stakeholders
Contribute to improving processes, procedures, and technologies used for detection and response
Drive development and improvements in Security Incident and Event Management, Case Management, and Automation.
Develop runbooks and incident playbooks for new and existing detections
Lead Threat hunting practices, suggest product and infrastructure signals to surface attacks and incorporate findings into security controls
What We’re Looking For
4+ years of full-time experience as a security engineer, including security monitoring, incident response, and threat hunting
Prior experience leading complex investigations with a large number of stakeholders
Practical understanding of common attacks and how they work.
Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
Hands-on experience with data analysis, modeling, and correlation at scale
Operating systems internals and forensics experience for macOS, Windows & Linux
Domain experience managing and working with current SIEM and SOAR platforms
Experience developing tools and automation using common DevOps toolsets and programming languages
Understanding of malware functionality and persistence mechanisms
Ability to analyze endpoint, network, and application logs for anomalous events
Something looks off?