Product Security Engineer - Assurance

Pin

San Francisco or Remote (USA)

Suitcase

Rippling

About Rippling

Rippling is the first way for businesses to manage all of their HR & IT—payroll, benefits, computers, apps, and more—in one unified workforce platform.
By connecting every business system to one source of truth for employee data, businesses can automate all of the manual work they normally need to do to make employee changes. Take onboarding, for example. With Rippling, you can just click a button and set up a new employees’ payroll, health insurance, work computer, and third-party apps—like Slack, Zoom, and Office 365—all within 90 seconds.
Based in San Francisco, CA, Rippling has raised $700M from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, and Bedrock—and was named one of America’s best startup employers by Forbes (#12 out of 500).

About the Role

At Rippling our Product Security team supports our Product teams in shipping secure code through tooling, training, and policy. We are looking for a talented security Engineer to join the Assurance team with Product Security.

The Assurance team is responsible for managing and scaling the discovery and remediation of vulnerabilities in across Rippling’s products. While we work hard to be secure by design, we know bugs happen, so we also need to make use of the best tools available to find them. 

​It’s a really exciting time to join Ripping and our Security team as we go through our next growth phase. We are looking for people who are attracted to our Company's mission and are excited about securing it.

You will:

  • Be a key part of the team that runs the triage of Product vulnerabilities.
  • Automate away as much of the triaging process a possible
  •  Manage our product security scanning tools, and integrate them where Engineers work and deploy.
  • Develop security rules and testing that trains our developers and prevents security vulnerabilities to reach production.
  • Be driven by metrics and data to help the security team make good risk decisions
  • Manage and care for our bug bounty researchers. Making sure we have a healthy program

You have:

  • A passion for Cyber Security, and in particular how we can solve common problems through automation.
  • 2+ years of experience working as a Product Security or Application Security Engineer.
  • Strong application application security knowledge.
  • Experience with a range of SAST and DAST tooling.
  • Have worked on with common vulneabilitiy scoring system and understand how to adapt them to apply to a particular business.
  • Experience with common programing language (e.g. python, go).
  • Excellent communication skills.

If you don’t meet all of the requirements listed here, we still encourage you to apply. No job description is perfect, and we might find an even more suitable opportunity that matches your skills and experience.

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics.  Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accommodations[at]rippling.com.

We are committed both to the health of our employees and to promoting a safe and collaborative workplace, and vaccinations are the best way to end the COVID-19 pandemic and to protect our community. In the U.S., where permitted under federal and state law, all offers of employment will be conditioned upon new hires providing proof of vaccination prior to their start date, unless the individual qualifies for an accommodation. For all other locations, vaccinations are strongly encouraged.

CCPA Privacy Notice for California Applicants