Senior Security Engineer - Corporate Security Engineering Remote (United States)

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @ Rippling.com addresses.

Rippling is looking for a Senior Security Engineer to join our Corporate Security team. Our mission is to reduce organizational risk by securing the tools and platforms Rippling employees use every day—SaaS apps, internal tools, endpoints, and email. We help the business make safer decisions by building secure defaults, automating away risky behavior, and working directly with stakeholders to understand and mitigate threats.

As a Senior Engineer on CorpSec, you’ll drive projects that span technical execution, stakeholder engagement, and strategic planning. You’ll work closely with the Detection and Response, IT products, Infrastructure, Legal, and Compliance teams to improve how we manage access, detect abuse, and remediate risk—often through automation and thoughtful process design.

• Lead end-to-end security projects that secure core enterprise systems like Google Workspace, Atlassian, Salesforce, and Slack.
• Design and implement scalable access controls , including least privilege policies, automated approvals, and audit workflows.
• Deploy and tune security tooling (e.g. email security platforms, CASB/SWG, SaaS DLP tools) to reduce risk across our corp environment.
• Automate security workflows that reduce manual effort, close the loop on findings, and improve team efficiency.
• Write one-pagers and RFCs that clarify risk, propose solutions, and drive alignment with cross-functional stakeholders.
• Partner with Detection & Response to improve phishing protection and support incident investigations involving corp tools or user accounts.
• Mentor teammates and contribute to the team’s technical direction through design reviews and hands-on collaboration.

• Rolling out a new email security solution and defining phishing detections in partnership with Detection & Response.
• Building an approval system for Chrome extensions and auto-whitelisting trusted ones using Google's API.
• Automating Slack-based remediation for publicly shared sensitive Google Docs.
• Restricting 3rd-party app access in Google Workspace and driving stakeholder alignment on exceptions.
• Threat modeling Salesforce and improving visibility into high-risk integrations and data access patterns.

• 5+ years of experience in security or software engineering, ideally with exposure to SaaS, corp IT, or access management.
• Strong programming skills (e.g. Python, Go) and a track record of building automation that solves real problems.
• Experience with one or more of: identity and access management, SaaS security tooling, DLP, insider threat detection, or phishing protection.
• Clear, empathetic communication skills—especially when working with stakeholders outside of engineering.
• Ability to turn ambiguous problems into scoped projects, define success metrics, and drive them to completion.
• Comfortable owning projects end-to-end and proactively reducing blockers for others.

• You lead multi-stakeholder projects that reduce security risk and are measurable, repeatable, and automated.
• You deliver projects that enable safe default behaviors, reduce operational toil, or improve visibility into corp risk.
• You can clearly communicate security tradeoffs to engineering and business teams, and drive alignment across orgs.
• You build systems that last—flexible, reusable, and easy for others to extend or maintain.
  

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accomodations@rippling.com

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here .

A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.

The pay range for this role is:

159,000 - 278,250 USD per year (US Tier 1)

143,100 - 250,425 USD per year (US Tier 2)

135,150 - 236,513 USD per year (US Tier 3)