Staff Application Security Engineer
About The Role
We're looking for a hands-on staff security engineer to play a key role in building Rippling's security program. Rippling's product’s scope provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business. As an early member of Rippling's security team, you'll have a meaningful impact on the security program’s priorities and direction.
About the team
We are a diverse team of skilled security engineers that are passionate about pushing the boundaries of security practices. We look to collaborate with our Engineering partners to find the right solution for our interesting challenges. Our team thrives on re-imagining approaches to traditional security to secure our vast ecosystem.
Our achievements are shared through our blogs and at conferences and meetups.
A little more about our team:
Our Infrastructure Security team shared a blog about how they streamlined AWS access
We spoke at BSides SF about attacking and defending infrastructure with terraform
Our Product Security lead talked about the Future Application Security Engineers
What You'll Do
Build security tooling and automations to help scale the Product Security team’s practices
Threat-model application designs and solutions and provide security assessments.
Audit source code and perform code review for critical application changes
Mentor software engineering teams in security best practices
Provide hands-on remediation guidance to development teams
Review & establish software development practices that make security an essential part of the development process
Develop / Integrate security into the Software Development Life Cycle
8+ years of experience in an product security role
Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities
Deep understanding of securing web applications
Fluency in Python, React, and Django Rest Framework
Experience with manual source code review, and embedding security to code in production environments.
Experience with deploying application security tools in the CI/CD pipeline
Experience with securing software development lifecycle including building programs that eliminate full classes of vulnerabilities
Good understanding of SSO, including OAUTH, SAML
Experience with speaking at meetups or conferences
Experience running a bug bounty program