Product Security Engineer

Staff Product Security Engineer

Rippling New York, New York, United States

We’re looking for a hands‑on staff security engineer to play a key role in building Rippling’s Product Security program. Rippling’s product scope provides a unique set of security challenges, and our management is especially supportive of security and compliance as a central function of the business. As an early member of the security team, you’ll have a meaningful impact on the program’s priorities and direction.

We are a diverse team of skilled security engineers passionate about pushing the boundaries of security practices. We collaborate with Engineering partners to find the right solutions for our challenges and thrive on re‑imagining approaches to traditional security to help secure our vast ecosystem.

• Build guardrails and controls to eliminate full classes of vulnerabilities within the Rippling application
• Build security tooling and automations to help scale the Product Security team’s practices
• Threat‑model application designs and solutions and provide security assessments
• Audit source code and perform code review for critical application changes
• Mentor software engineering teams in security best practices
• Provide hands‑on remediation guidance to development teams
• Review and establish software development practices that make security an essential part of the development process
• Develop and integrate security into the Software Development Life Cycle

• 10+ years of experience in a product security role
• Experience leading architectural changes or complex cross‑team efforts to mitigate security vulnerabilities
• Deep understanding of securing web applications
• Fluency in Python, React, and Django Rest Framework
• Experience with manual source code review and embedding security into code in production environments
• Experience with deploying application security tools in the CI/CD pipeline
• Experience with securing the software development lifecycle, including building programs that eliminate full classes of vulnerabilities

• Good understanding of SSO, including OAuth, SAML
• Experience speaking at meetups or conferences
• Experience running a bug bounty program

The pay range for this role is: 189, USD per year (US Tier
1).

Rippling is an equal‑opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process.

To request a reasonable accommodation, please email

Rippling highly values in‑office collaboration. Employees living within 30 miles of an office are expected to work onsite three days a week, those 30–49.9 miles away are expected to be in the office one day a week, and employees living over 50 miles away are required to relocate within 30 miles of an office. New employees are asked to work onsite three days a week for their first six months.

This role will receive a competitive salary, benefits, and equity. Final offer amounts may vary and are based on location, experience, and other factors.