Security Engineer - Detection and Response Team

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.8B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @ Rippling.com addresses.

About the role

We are looking for an experienced Security Engineer to join our Detection and Response Team (DART).  You will help us build out a world class incident response function that will navigate challenging security incidents, drive process improvement, develop an open culture where we grow from our mistakes as an organization.   In this role, you will also build the tools and detection infrastructure that we need to scale our detection and response capability across all threats to our Production and Corporate environments.

What you will do

• Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently to stakeholders
• Contribute to improving processes, procedures, and technologies used for detection and response, enabling us to improve after each incident
• Develop and run tools to gather security telemetry data from cloud production systems
• Automate workflows and improve identification and response time for security events
• Build and optimize detection rules, allowing us to spend our cycles on the alerts that matter
• Develop runbooks and incident playbooks for new and existing detections
• Lead Threat hunting practices, suggest product and infrastructure signals to surface attacks and incorporate findings into security controls

What you will need

Additional Information

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.