Job
Description
About Rippling Rippling, based in San Francisco, CA, has secured over $1.4B from renowned investors such as Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock. The company has been recognized as one of America's best startup employers by Forbes. Rippling prioritizes candidate safety, ensuring that all official communications are exclusively sent from @Rippling.com addresses. About The Role Rippling is seeking an experienced Security Engineer to join the Detection and Response Team (DART). As a member of the team, you will play a crucial role in establishing a top-notch incident response function that effectively handles challenging security incidents. Your responsibilities will include driving process enhancements, fostering an open culture of learning from mistakes, and constructing the necessary tools and detection infrastructure to scale our threat response capabilities across both Production and Corporate environments. What You Will Do - Respond promptly to security events, conduct triage, investigations, and incident analysis, and communicate findings effectively to stakeholders. - Contribute to the enhancement of processes, procedures, and technologies for detection and response to ensure continual improvement post-incident. - Develop and manage tools for collecting security telemetry data from cloud-based production systems. - Automate workflows to streamline identification and response times for security events. - Create and refine detection rules to focus efforts on critical alerts. - Establish runbooks and incident playbooks for new and existing detections. - Lead Threat hunting practices, recommend signals for detecting attacks in product and infrastructure, and incorporate discoveries into security controls. What You Will Need - Minimum of 12 years of full-time experience as a security engineer, encompassing security monitoring, incident response, and threat hunting in a cloud environment. - Possess a defensive mindset while understanding offensive security and the scenarios leading to compromise. - Proven experience in managing complex investigations involving numerous stakeholders. - Excellent communication skills with a track record of effectively engaging with internal and external stakeholders of all levels. - Expertise in AWS security controls and services. - Proficiency in coding for automation, alert enrichment, and detections. - Familiarity with adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles. - Hands-on experience in data analysis, modeling, and correlation at scale. - Strong background in operating systems internals and forensics for macOS, Windows, and Linux. - Domain expertise in handling current SIEM and SOAR platforms. - Experience in developing tools and automation using common DevOps toolsets and programming languages. - Understanding of malware functionality and persistence mechanisms. - Ability to analyze endpoint, network, and application logs for unusual events. Additional Information Rippling places significant value on having in-office employees to promote a collaborative work environment and company culture. For office-based employees residing within a specified radius of a Rippling office, working in the office for at least three days a week is considered an essential function of their role under the current policy.,
