Senior Security Engineer, Corporate Security

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About The Role

Rippling is looking for a Senior Security Engineer, Corporate Security to join our Corporate Security team. Our mission is to reduce organizational risk by securing the tools and platforms Rippling employees use every day—SaaS apps, internal tools, endpoints, and email. We help the business make safer decisions by building secure defaults, automating away risky behavior, and working directly with stakeholders to understand and mitigate threats.

As a Senior Engineer on CorpSec, you’ll drive projects that span technical execution, stakeholder engagement, and strategic planning. You’ll work closely with the Detection and Response, IT products, Infrastructure, Legal, and Compliance teams to improve how we manage access, detect abuse, and remediate risk—often through automation and thoughtful process design.

What You’ll Do

• Lead end-to-end security projects that secure core enterprise systems like Google Workspace, Atlassian, Salesforce, and Slack.
• Design and implement scalable access controls, including least privilege policies, automated approvals, and audit workflows.
• Deploy and tune security tooling (e.g. email security platforms, CASB/SWG, SaaS DLP tools) to reduce risk across our corp environment.
• Automate security workflows that reduce manual effort, close the loop on findings, and improve team efficiency.
• Write one-pagers and RFCs that clarify risk, propose solutions, and drive alignment with cross-functional stakeholders.
• Partner with Detection & Response to improve phishing protection and support incident investigations involving corp tools or user accounts.
• Mentor teammates and contribute to the team’s technical direction through design reviews and hands-on collaboration.

Sample Projects You Might Work On

• Rolling out a new email security solution and defining phishing detections in partnership with Detection & Response.
• Building an approval system for Chrome extensions and auto-whitelisting trusted ones using Google's API.
• Automating Slack-based remediation for publicly shared sensitive Google Docs.
• Restricting 3rd-party app access in Google Workspace and driving stakeholder alignment on exceptions.
• Threat modeling Salesforce and improving visibility into high-risk integrations and data access patterns.

What We're Looking For

• 5+ years of experience in security or software engineering, ideally with exposure to SaaS, corp IT, or access management.
• Strong programming skills (e.g. Python, Go) and a track record of building automation that solves real problems.
• Experience with one or more of: identity and access management, SaaS security tooling, DLP, insider threat detection, or phishing protection.
• Clear, empathetic communication skills—especially when working with stakeholders outside of engineering.
• Ability to turn ambiguous problems into scoped projects, define success metrics, and drive them to completion.
• Comfortable owning projects end-to-end and proactively reducing blockers for others.

What Success Looks Like

• You lead multi-stakeholder projects that reduce security risk and are measurable, repeatable, and automated.
• You deliver projects that enable safe default behaviors, reduce operational toil, or improve visibility into corp risk.
• You can clearly communicate security tradeoffs to engineering and business teams, and drive alignment across orgs.
• You build systems that last—flexible, reusable, and easy for others to extend or maintain.

Key skills/competency

• Corporate Security
• SaaS Security
• Access Management
• Automation
• Identity Management
• Phishing Protection
• DLP
• Python
• Go
• Threat Modeling