Privacy Engineer

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @  addresses.

We are seeking a highly experienced Staff Security Engineer (L8) to help build out our Privacy Engineering & Response team under the Security organization reporting to our Director of Security Operations. This critical role will be instrumental in safeguarding our data privacy and ensuring compliance with evolving regulatory requirements. You will own data privacy incidents, lead proactive projects to prevent future occurrences, and contribute to our data protection initiatives through automation and system development.

We are looking for someone with a strong background in privacy engineering, proven technical depth, familiarity with key regulatory frameworks (e.g., HIPAA, GDPR, and CCPA), and the ability to translate regulatory requirements into scalable, privacy‑by‑design solutions.

• Data Privacy Incident Ownership: Own privacy‑related incidents (e.g., data misuse, misdirection of PII/PHI, or regulatory exposure) from identification to resolution. Work cross‑functionally with Privacy Legal, Security, and Engineering to manage and mitigate risks.
• Proactive Privacy Projects: Lead initiatives that reduce or prevent privacy incidents. Define scope, set objectives, and deliver impactful outcomes that scale across the company.
• Team Charter Development: Contribute significantly to building out the charter for the Privacy Engineering & Response team, defining its mission, scope, and operational procedures, shaping its long‑term impact.
• Data Protection & Security Automation: Play a key role in our data protection and data security initiatives by automating processes such as data inventory, data classification, and data tagging.
• Violation Reporting System: Design and build a system to effectively report data violations, ensuring timely and accurate communication of incidents.
• Regulatory Compliance: Apply your expertise in privacy engineering and familiarity with regulatory compliance requirements, including but not limited to HIPAA, GDPR, and CCPA, to all aspects of your work.
• Privacy‑by‑Design Integration :
  Embed privacy‑by‑design principles into the product development lifecycle. Influence product and engineering teams to address risks proactively before launch.

• Proven experience in Privacy Engineering, with a track record of measurable impact (e.g., reducing incident frequency/severity, shortening investigation timelines, scaling compliance via automation), including developing and implementing privacy‑enhancing technologies (PETs) and data anonymization techniques.
• Deep understanding of global privacy regulations such as GDPR, CCPA, HIPAA, and LGPD, with the ability to translate legal and regulatory requirements into technical specifications and implement privacy‑by‑design solutions.
• Excellent collaboration, and communication skills, with the ability to work effectively cross‑functionally with legal, engineering, product, and other stakeholders to embed privacy into all aspects of the business.
• Demonstrated experience in conducting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs), as well as identifying and mitigating privacy risks, and developing and implementing privacy controls using privacy risk management frameworks and tools.
• Familiarity with…