Staff Security Engineer

Rippling

New York · On-site · Full-time · Lead · $189k – $315k/yr · Today

About the role

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About the role

Rippling is looking for a Staff Security Engineer to join our Corporate Security team. Our mission is to reduce organizational risk by securing the tools and platforms Rippling employees use every day - SaaS apps, internal tools, endpoints, and email. We help the business make safer decisions by building secure defaults, automating away risky behavior, and working directly with stakeholders to understand and mitigate threats.

As a Staff Engineer on CorpSec, you'll own the technical direction of high-impact security programs that span multiple teams, systems, and business functions. You'll set the standard for how Corporate Security operates - defining strategy, building foundational systems, and driving complex initiatives from ambiguous problem to measurable outcome.

You'll work across Detection and Response, IT Products, Infrastructure, Legal, Compliance, and engineering leadership to shape how Rippling manages access, detects abuse, and remediates risk at scale.

This is not a role where you wait for requirements. You identify the highest-leverage problems, build conviction around the right approach, and bring the organization along with you.

What You’ll Do

  • Define and drive the technical roadmap for one or more Corporate Security domains (e.g., SaaS security, access governance, data protection, email security).
  • Build foundational systems and frameworks - access control platforms, automation pipelines, policy enforcement engines.
  • Write, deploy, and operate code in AWS to automate corporate security processes.
  • Lead complex, multi-quarter programs that secure core enterprise systems like Google Workspace, Atlassian, Salesforce, Okta, and Slack.
  • Design scalable access governance models including least privilege enforcement, automated provisioning/deprovisioning, continuous access reviews, and exception management frameworks.
  • Evaluate, deploy, and own the architecture of security tooling, making build-vs-buy decisions and ensuring tools integrate cleanly into the broader security stack.
  • Build automation that eliminates classes of risk, not just individual findings - designing systems that are reusable, observable, and maintainable by the broader team.
  • Author strategy documents, architecture proposals, and RFCs that frame risk in business terms, evaluate tradeoffs rigorously, and drive executive and cross-functional alignment.
  • Raise the technical bar across the team - through architecture reviews, mentorship, pair programming, and establishing engineering standards and patterns that others adopt.
  • Represent Corporate Security in cross-organizational initiatives, security reviews, and vendor evaluations - acting as the authoritative technical voice for corp security posture.

Sample Projects You Might Work On

  • Defining Corporate Security's automation and AI strategy - building shared libraries, patterns, and infrastructure that enable the team to ship security automation faster and more reliably.
  • Implementing guardrails for secure use of AI, including agent identities and restrictions.
  • Architecting an access governance framework for third-party SaaS applications - automated discovery of shadow IT, risk-scored app classification, approval workflows, and continuous compliance monitoring.
  • Building an end-to-end remediation platform that detects sensitive data exposure across SaaS tools (Google Drive, Slack, Confluence), auto-remediates based on policy, and provides audit trails for compliance.
  • Threat modeling critical applications and processes end-to-end by mapping data flows, high-risk integrations, and admin capabilities, then designing and implementing controls that improve visibility and reduce the blast radius of compromise.

What We're Looking For

  • 8+ years of experience in security engineering or software engineering, with deep expertise in at least two of: SaaS security, identity and access management, data loss prevention, macOS endpoint security, or insider threat detection.
  • Strong software engineering fundamentals (e.g., Python, Go) with a track record of designing and building production systems - not just scripts, but platforms and frameworks that others extend.
  • Experience writing, deploying, and operating systems in AWS with engineering best practices.
  • Demonstrated ability to lead technical programs across multiple teams and stakeholders without direct authority - influencing through clarity of thinking, written communication, and technical credibility.
  • Experience making build-vs-buy decisions for security tooling and owning the architecture of vendor-provided solutions within a broader security stack.
  • Proven ability to take ambiguous, org-wide problems and turn them into structured programs with clear milestones, success metrics, and stakeholder buy-in.
  • Excellent written communication - you can write a strategy doc that an executive, a lawyer, and an engineer all find useful.
  • Experience mentoring engineers and raising team capabilities through design reviews, technical standards, and leading by example.
  • Comfort operating at both the strategic and hands-on level - you can set a 6-month roadmap in the morning and debug an API integration in the afternoon.

What Success Looks Like

  • You own and deliver multi-quarter programs that materially reduce corporate security risk - and you can point to metrics that prove it.
  • You build systems and frameworks that become the foundation for how the team operates - not one-off solutions, but reusable platforms that scale.
  • You are the person other teams come to when they need to understand corporate security risk, evaluate a tradeoff, or design a secure workflow - and you make them better for it.
  • You raise the bar for the entire CorpSec team - through the quality of your technical work, the clarity of your writing, and the standard you set for how projects are scoped, executed, and communicated.
  • You identify and drive high-leverage initiatives before being asked - seeing gaps, building conviction, and bringing the organization along.
  • Your work is visible to leadership - not because you seek visibility, but because the impact speaks for itself.

Additional Information

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accommodations@rippling.com.

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.

A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.

The pay range for this role is: 189,000 - 315,000 USD per year (US Tier 1)

Skills

AWS, Go, Google Workspace, Okta, Python, SaaS
