Senior App Sec Engineer

About Rippling

Rippling is the first way for businesses to manage their HR & IT — from payroll and benefits, to employee computers and apps — all in one, modern system. 

In just 90-seconds, a company can set up (or disable) an employee’s payroll, health insurance, work computer, and third-party apps, like Gmail, Microsoft Office, and Slack. It’s the only platform that truly unifies every employee system, and automates all of the administrative work. 

Rippling is HQ in San Francisco and has raised $60M in Series A funding from top-tier investors, including Kleiner Perkins, Initialized, DFJ, and Y Combinator. 

About The Role

We're looking for a hands-on senior security engineer to play a key role in building out Rippling's security program.  The breadth of Rippling's product provides a unique set of security challenges, but our management is especially supportive of security and compliance as a central function of the business.  As an early member of Rippling's security team, you'll have an outsized impact on the priorities and direction of the security program.

What You'll Do: 

• Support our increasing customer volume by scaling our platform
• Speed up our platform so that users can perform their tasks quickly
• Build automation and tools for other engineers to develop high-quality software
• Ship incrementally and continually at high velocity
• Mentor others with your expertise and learn from the team about cutting edge technologies
• Collaborate with exceptional team members located in San Francisco and Bengaluru

Qualifications:

• Identify and model threats
• Implement technologies and processes to prevent attacks at all layers across Rippling's network and application
• Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation
• Review application designs and solutions
• Provide assessments
• Establish software development practices that make security an integral part of the development process
• Help build a world-class security team
• Run external penetration testing
• Manage a bug bounty program 
• Utilize security tools for the appsec program such as static and dynamic code analysis tools and develop continual improvement program.