Demo

Senior Security Incident Response Engineer

Rippling
San Francisco, CA Full Time
POSTED ON 2/19/2025
AVAILABLE BEFORE 5/17/2025

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365-all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B from the world's top investors-including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock-and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About The Role

We are looking for a Senior Security Incident Response Engineer to join our Detection and Response Team (DART). In this role, you will be at the forefront of handling security incidents, working to investigate, contain, and mitigate threats across Rippling's environments. You will play a pivotal role in developing and optimizing our incident response function, ensuring that security incidents are managed efficiently and effectively, while continuously improving our processes and infrastructure.

You will work alongside cross-functional teams to respond to complex security incidents, drive improvements in detection and response capabilities, and create scalable solutions to manage and address emerging threats. This is an opportunity to build out Rippling's incident response function from the ground up, providing leadership and technical expertise to secure our production and corporate environments

What You Will Do

  • Lead and coordinate the response to security incidents, including triage, investigation, analysis, and communication to internal and external stakeholders.
  • Develop and maintain incident response playbooks and runbooks for new and existing threat scenarios.
  • Automate and optimize workflows for detection, incident analysis, and response, improving the speed and effectiveness of incident handling.
  • Improve security detection capabilities through rule development, tuning, and proactive threat hunting to identify potential attack vectors.
  • Conduct root cause analysis of incidents and suggest improvements to processes and technologies to prevent future occurrences.
  • Collaborate with teams across Rippling to implement security measures and mitigation strategies that enhance detection and response capabilities.
  • Provide expert input on the design and implementation of security controls, processes, and automation tools.

What You Will Need

  • Strong communication skills, with the ability to communicate complex security findings to both technical and non-technical stakeholders.
  • 7 years of hands-on experience in security incident response, including detection, investigation, and containment of security incidents in cloud and on-premise environments.
  • Strong expertise in leading security incident investigations and managing complex incidents involving multiple stakeholders.
  • Advanced knowledge of cloud security, particularly AWS, including security controls and monitoring services.
  • Proficiency in using SIEM, SOAR, and other security tools to monitor, investigate, and respond to security incidents.
  • Strong knowledge of adversary tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK.
  • Ability to analyze and correlate large sets of security data to identify anomalous activity and potential security incidents.
  • Expertise in malware analysis, endpoint forensics, and persistence mechanisms.
  • Experience in developing security automation using scripting and programming languages such as Python, Bash, or PowerShell.
  • Deep understanding of operating system internals and forensic analysis techniques for macOS, Windows, and Linux environments.
  • Experience with threat hunting and proactive detection of advanced persistent threats (APTs).
  • If you are a skilled and motivated Security Incident Response professional looking to join an innovative team dedicated to building world-class security defenses, we would love to hear from you!

    Additional Information

    Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accomodations@rippling.com

    Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

    This role will receive a competitive salary benefits equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.

    A variety of factors are considered when determining someone's compensation-including a candidate's professional background, experience, and location. Final offer amounts may vary from the amounts listed below.

    The pay range for this role is :

    135,000 - 236,250 USD per year (US Tier 1)

    121,500 - 212,625 USD per year (US Tier 2)

    114,750 - 200,813 USD per year (US Tier 3)

    Salary : $114,750 - $200,813

    If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
    Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

    What is the career path for a Senior Security Incident Response Engineer?

    Sign up to receive alerts about other jobs on the Senior Security Incident Response Engineer career path by checking the boxes next to the positions that interest you.
    Income Estimation: 
    $87,466 - $114,731
    Income Estimation: 
    $114,790 - $146,930
    Income Estimation: 
    $115,647 - $153,495
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $164,835 - $201,088
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $77,991 - $108,747
    Income Estimation: 
    $111,725 - $147,313
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $111,725 - $147,313
    Income Estimation: 
    $139,945 - $168,577
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

    Job openings at Rippling

    Rippling
    Hired Organization Address Seattle, WA Full Time
    About Rippling Rippling is the first way for businesses to manage all of their HR & IT-payroll, benefits, computers, app...
    Rippling
    Hired Organization Address San Francisco, CA Full Time
    Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are...
    Rippling
    Hired Organization Address San Francisco, CA Full Time
    About Rippling Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce s...
    Rippling
    Hired Organization Address San Francisco, CA Full Time
    About Rippling Rippling is the first way for businesses to manage all of their HR & IT-payroll, benefits, computers, app...

    Not the job you're looking for? Here are some other Senior Security Incident Response Engineer jobs in the San Francisco, CA area that may be a better fit.

    Senior Sales Engineer

    Incident, San Francisco, CA

    AI Assistant is available now!

    Feel free to start your new journey!