Staff Product Security Engineer
San Francisco, CA, United States
Ripple
Ripple is the leading provider of crypto solutions for businesses. Learn how we’re helping organizations of all sizes drive impact with the power of crypto.Product Security Engineer (Staff Engineer and above)
Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for passionate Information Security professionals to build a world class Information Security program. As part of the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.
In this role, you will be a technical Infosec leader ensuring the security of Ripple’s product line and mentoring other Infosec engineers. You will be providing detailed threat models for all products and services and ensure that the required detection and prevention controls meet the most stringent standards. The role will report to our Director of Security and Operations and will be in regular collaboration with the technical leaders across our engineering and cloud operations teams.
WHAT YOU’LL DO:
- Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences
- Lead initiatives with Engineering teams to effectively model threats and mitigate risk
- Evangelize a positive security culture across the Engineering organization
- Relentlessly champion for security outcomes on behalf of our customers
- Work with other engineering leaders to embed security into day-to-day development processes
- Help proactively assess security risk through product deep dives, threat modeling, and design, architecture and implementation reviews.
- Review and enhance existing security processes related to product assessments, pen testing, and bug bounty findings
- Develop product security controls and monitoring strategies to grow our threat detection capabilities
- Identify opportunities for security tooling and automation.
WHAT WE’RE LOOKING FOR:
- 8 years of experience in Information Security
- Proven experience with the application of threat modeling and other risk identification techniques
- Strong working knowledge of the OWASP top 10, including details of common vulnerabilities
- Experience with authentication and authorization standards including OAuth and SAML and their weaknesses.
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
- Experience with Amazon Web Services and Google Cloud Platform
- Advanced level coding skills (Java is a plus)
- Results oriented, values collaboration, self-motivated
- Someone willing to adapt to change in a fast moving environment
- Inclusive leadership and teamwork skills
- Results oriented, values collaboration, self-motivated
- Above all, a team player that can handle challenging situations, a rapidly maturing security culture, and an eagerness to mentor less experienced engineers
WHAT WE OFFER:
- The chance to work in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact
- Competitive salary and equity
- 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
- 401k (with match), commuter benefits
- Industry-leading parental leave policies
- Generous wellness reimbursement and weekly onsite programs
- Flexible vacation policy - work with your manager to take time off when you need it
- Employee giving match
- Modern office in San Francisco’s Financial District
- Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
- Weekly company meeting - ask me anything style discussion with our Leadership Team
- Team outings to sports games, happy hours, game nights and more!
Ripple is flexible-first: Ripplers have the option to work remotely, from our offices, or a combination.
WHO WE ARE:
Ripple is doing for value what the internet did for information: enabling its instant and seamless flow around the world. We call this the Internet of Value (IoV). Using blockchain and cryptocurrency technology, Ripple is dedicated to creating powerful gains in financial efficiency, equity and inclusion. In addition, Ripple is developing and enabling the future use cases that will catalyze the new digital economy for governments, businesses and consumers.
Ripple has offices in San Francisco (HQ), New York, London, Mumbai, Singapore, São Paulo, Toronto, Reykjavík, Washington D.C. and Dubai.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance. Please find our UK/EU Applicant Privacy Notice and our California Applicant Privacy Notice for reference.Tags: Automation Blockchain C Cloud Crypto Exploits GCP Java Monitoring OWASP Pentesting Privacy Product security SAML Threat detection Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Medical leave Parental leave Snacks / Drinks Startup environment Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs