Senior Security Engineer - Detection and Response

Seattle, CA

Rippling

Rippling eliminates the friction from running a business, combining HR, IT, and Finance apps on a unified data platform.


About Rippling


Rippling is the first way for businesses to manage all of their HR & IT—payroll, benefits, computers, apps, and more—in one unified workforce platform.


By connecting every business system to one source of truth for employee data, businesses can automate all of the manual work they normally need to do to make employee changes. Take onboarding, for example. With Rippling, you can just click a button and set up a new employee’s payroll, health insurance, work computer, and third-party apps—like Slack, Zoom, and Office 365—all within 90 seconds.


Based in San Francisco, CA, Rippling has raised $1.2B from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.


We prioritize candidate safety. Please be aware that official communication will only be sent from @Rippling.com addresses.


About The Role


We are looking for a hands-on Senior Detection and Response Security Engineer to be a critical force in driving Rippling's security program forward. This role offers the opportunity to revolutionize our detection and response strategies through advanced automation, strategic data collection, and innovative detection logic. You will collaborate with our talented security team and broader engineering org to elevate and enhance our security efforts.


Key Responsibilities


Innovative Tool Development: Design and implement sophisticated tools to gather security telemetry data from cloud production systems, enhancing our ability to detect and respond to threats.

Automation and Optimization: Lead the charge in automating workflows, significantly improving the speed and accuracy of security event identification and response.

Detection Rule Development: Build and refine advanced detection rules to protect against emerging cyber threats.

Security Event Leadership: Triage, investigate, and analyze security events, providing clear, strategic communication to stakeholders.

Process and Technology Enhancement: Drive continuous improvement of processes, procedures, and technologies used for detection and response.

Strategic Development: Spearhead advancements in Security Incident and Event Management (SIEM), Case Management, and Automation frameworks.

Comprehensive Documentation: Develop detailed runbooks and incident playbooks for both new and existing detections.

Proactive Threat Hunting: Lead threat hunting initiatives, uncovering potential attack vectors and integrating findings into security controls.


Qualifications


Extensive Expertise: 4+ years of full-time experience as a security engineer, with a focus on security monitoring, incident response, and threat hunting.

Programming Skills: Proficiency in developing tools and automation using common DevOps toolsets, with a preference for Python.

Leadership in Investigations: Proven experience leading complex investigations with diverse stakeholder involvement.

Deep Technical Knowledge: Practical understanding of common attacks, adversary tactics, techniques, and procedures (TTPs), and MITRE ATT&CK principles.

Analytical Proficiency: Hands-on experience with large-scale data analysis, modeling, and correlation.

Cross-Platform Forensics: Expertise in operating systems internals and forensics for macOS, Windows, and Linux.

Platform Management: Experience managing and working with current SIEM and SOAR platforms.

Malware Insight: Strong understanding of malware functionality and persistence mechanisms.

Log Analysis Expertise: Ability to analyze endpoint, network, and application logs for anomalous events.


What We Offer


Professional Advancement: Opportunities for growth and development in a forward-thinking and innovative environment.

Collaborative Culture: Work with a passionate and dedicated team focused on security excellence.

Cutting-Edge Environment: Be part of a company that values creativity, innovation, and security leadership.

Additional Information


Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accomodations@rippling.com


Rippling highly values in-office collaboration. Employees living within 30 miles of an office are expected to work onsite three days a week, with those living 30-49.9 miles away expected to be in the office one day a week. Employees living over 50 miles away are required to relocate within 30 miles of an office. To enhance team cohesiveness, new employees are asked to work onsite three days a week for their first six months.


This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.

A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.


Tags: Automation Cloud DevOps Forensics Incident response Linux Log analysis MacOS Malware MITRE ATT&CK Monitoring Python SIEM SOAR TTPs Windows

Perks/benefits: Career development Competitive pay Equity / stock options Health care Insurance Startup environment Team events

Region: North America
Country: United States
