Senior Security Incident Response Engineer

Rippling

Bengaluru/Bangalore

Not disclosed

Work from Office

Full Time

Min. 7 years

Job Details

Job Description


About The Role

We are looking for a Senior Security Incident Response Engineer to join our Detection and Response Team (DART). In this role, you will be at the forefront of handling security incidents, working to investigate, contain, and mitigate threats across Rippling’s environments. You will play a pivotal role in developing and optimizing our incident response function, ensuring that security incidents are managed efficiently and effectively, while continuously improving our processes and infrastructure.

You will work alongside cross-functional teams to respond to complex security incidents, drive improvements in detection and response capabilities, and create scalable solutions to manage and address emerging threats. This is an opportunity to build out Rippling's incident response function from the ground up, providing leadership and technical expertise to secure our production and corporate environments.


What You Will Do

  • Lead and coordinate the response to security incidents, including triage, investigation, analysis, and communication to internal and external stakeholders.
  • Develop and maintain incident response playbooks and runbooks for new and existing threat scenarios.
  • Automate and optimize workflows for detection, incident analysis, and response, improving the speed and effectiveness of incident handling.
  • Improve security detection capabilities through rule development, tuning, and proactive threat hunting to identify potential attack vectors.
  • Conduct root cause analysis of incidents and suggest improvements to processes and technologies to prevent future occurrences.
  • Collaborate with teams across Rippling to implement security measures and mitigation strategies that enhance detection and response capabilities.
  • Provide expert input on the design and implementation of security controls, processes, and automation tools.


What You Will Need

  • Strong communication skills, with the ability to communicate complex security findings to both technical and non-technical stakeholders.
  • 7+ years of hands-on experience in security incident response, including detection, investigation, and containment of security incidents in cloud and on-premise environments.
  • Strong expertise in leading security incident investigations and managing complex incidents involving multiple stakeholders.
  • Advanced knowledge of cloud security, particularly AWS, including security controls and monitoring services.
  • Proficiency in using SIEM, SOAR, and other security tools to monitor, investigate, and respond to security incidents.
  • Strong knowledge of adversary tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK.
  • Ability to analyze and correlate large sets of security data to identify anomalous activity and potential security incidents.
  • Expertise in malware analysis, endpoint forensics, and persistence mechanisms.
  • Experience in developing security automation using scripting and programming languages such as Python, Bash, or PowerShell.
  • Deep understanding of operating system internals and forensic analysis techniques for macOS, Windows, and Linux environments.
  • Experience with threat hunting and proactive detection of advanced persistent threats (APTs).

Job role

Work location

Bangalore

Department

Security Services

Role / Category

Security Services

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 7 years

About company

Name

Rippling

Job posted by Rippling
