Staff Application Security Engineer
San Francisco, CA, USA
Posted on Tuesday, August 1, 2023
Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.
Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.
Based in San Francisco, CA, Rippling has raised $1.2B from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.
About The Role
We're looking for a hands-on staff security engineer to play a key role in building Rippling's security program. Rippling's product’s scope provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business. As an early member of Rippling's security team, you'll have a meaningful impact on the security program’s priorities and direction.
What You'll Do
- Mentor software engineering teams in security best practices.
- Threat-model application designs and solutions and provide security assessments.
- Perform dynamic security testing on Rippling products
- Audit source code and perform code review for critical application changes
- Provide hands-on remediation guidance to development teams
- Review Establish software development practices that make security an essential part of the development process
- Develop / Integrate security into the Software Development Life Cycle
- 8+ years of experience in an product security role
- Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities
- Deep understanding of securing web applications
- Fluency in Python, React, and Django Rest Framework
- Experience with manual source code review, and embedding security to code in production environments.
- Experience with deploying application security tools in the CI/CD pipeline
- Experience with securing software development lifecycle including manual and automated application security testing
- Good understanding of SSO, including OAUTH, SAML
- Experience with securing MDM software agents for Mac/Windows
Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email firstname.lastname@example.org
Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a 40 mile radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.
This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.
A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed above.