Join the Unanimous Family

Your new chapter begins today.

Senior Security Engineer - Detection and Response



New York, NY, USA
Posted on Friday, February 17, 2023
About Rippling
Rippling is the first way for businesses to manage all of their HR & IT—payroll, benefits, computers, apps, and more—in one unified workforce platform.
By connecting every business system to one source of truth for employee data, businesses can automate all of the manual work they normally need to do to make employee changes. Take onboarding, for example. With Rippling, you can just click a button and set up a new employees’ payroll, health insurance, work computer, and third-party apps—like Slack, Zoom, and Office 365—all within 90 seconds.
Based in San Francisco, CA, Rippling has raised $1.2B from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Bedrock, and Greenoaks—and was named one of America’s best startup employers by Forbes (#12 out of 500).

About the job

We're looking for a hands-on senior security engineer to play a key role in Rippling's security program. As a member of Rippling's security team you will automate day-to-day DART tasks, collect data to report on the success of our protective controls, and write new detection logic. You will work closely with other members of the security and broader engineering organizations to enhance and support our security efforts.

What You’ll Do

  • Develop and run tools to gather security telemetry data from cloud production systems

  • Automate workflows and improve identification and response time for security events

  • Build and optimize detection rules

  • Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently to stakeholders

  • Contribute to improving processes, procedures, and technologies used for detection and response

  • Drive development and improvements in Security Incident and Event Management, Case Management, and Automation.

  • Develop runbooks and incident playbooks for new and existing detections

  • Lead Threat hunting practices, suggest product and infrastructure signals to surface attacks and incorporate findings into security controls

What We’re Looking For

  • 4+ years of full-time experience as a security engineer, including security monitoring, incident response, and threat hunting

  • Prior experience leading complex investigations with a large number of stakeholders

  • Practical understanding of common attacks and how they work.

  • Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles

  • Hands-on experience with data analysis, modeling, and correlation at scale

  • Operating systems internals and forensics experience for macOS, Windows & Linux

  • Domain experience managing and working with current SIEM and SOAR platforms

  • Experience developing tools and automation using common DevOps toolsets and programming languages

  • Understanding of malware functionality and persistence mechanisms

  • Ability to analyze endpoint, network, and application logs for anomalous events

Additional Information
This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.
Tier 1: $168,000 - $237,000/year
Tier 2: $151,000 - $214,000/year
Tier 3: $142,000 - $202,000/year
A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed above.
Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a 40 mile radius of a Rippling office), Rippling considers working in the office, at least three times a week under current policy, to be an essential function of the employee's role.
Even if you don’t meet all of the requirements listed here, we still encourage you to apply. Skills can be used in lots of different ways and your life and professional experience may be relevant beyond what a list of requirements will capture.