Security Engineer II - Detection and Response Team

As a Security Engineer at Rippling, you will be joining the Detection and Response Team (DART) to help build a world-class incident response function. Your role will involve responding to security events, conducting investigations, developing detection infrastructure, and automating workflows to enhance our detection and response capabilities. By leveraging your expertise in security monitoring, incident response, and threat hunting in a cloud environment, you will play a crucial role in enhancing our security posture. Key Responsibilities: - Respond to security events, triage, perform investigations, and communicate effectively with stakeholders - Contribute to process improvement and technology enhancement for detection and response - Develop tools to gather security telemetry data from cloud production systems - Automate workflows to improve identification and response time for security events - Build and optimize detection rules to focus on relevant alerts - Develop runbooks and incident playbooks for new and existing detections - Lead Threat hunting practices and suggest product and infrastructure signals for attack surface identification Qualifications Required: - 4+ years of full-time experience as a security engineer in a cloud environment - Proficiency in AWS security controls and services - Experience with coding for automation, alert enrichment, and detections - Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles - Hands-on experience with data analysis, modeling, and correlation at scale - Understanding of operating systems internals and forensics for macOS, Windows, & Linux - Familiarity with SIEM and SOAR platforms, as well as DevOps toolsets and programming languages - Understanding of malware functionality and persistence mechanisms - Ability to analyze endpoint, network, and application logs for anomalous events Please note that Rippling values in-office work for employees to promote a collaborative work environment and company culture. For office-based employees residing within a defined radius of a Rippling office, working in the office at least three days a week is considered an essential function of the role under the current policy.,