Staff Product Security Engineer

San Francisco, CA

Product Security Engineer (Staff Engineer and above)

Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world.  Ripple is looking for passionate Information Security professionals to build an extraordinary Information Security program.  As part of the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.  

In this role, you will be a technical InfoSec leader ensuring the security of Ripple’s product line and mentoring other InfoSec engineers.  Product Security Engineers providing detailed threat models for all products and services and ensuring that the required detection and prevention controls meet the most exacting standards.  The role will report to our Director of Security and Operations and will be in regular collaboration with the technical leaders across our engineering and cloud operations teams.   

WHAT YOU’LL DO:

  • Be a security advocate and subject matter expert within the organization and be able to communicate security risk and concepts to both technical and non-technical audiences
  • Lead initiatives with Engineering teams to optimize threat models and mitigate risks.
  • Encourage a positive security culture across the Engineering organization
  • Relentlessly champion for security outcomes on behalf of our customers
  • Work with other engineering leaders to embed security into day-to-day development processes
  • Help proactively assess security risk through product deep dives, threat modeling, and design, architecture and implementation reviews.
  • Review and enhance existing security processes  related to product assessments, pen testing, and bug bounty findings
  • Develop product security controls and monitoring strategies to grow our threat detection capabilities
  • Seek opportunities for security tooling and automation.

WHAT WE’RE LOOKING FOR:

  • 8 years of experience in Information Security
  • Experience with the application of threat modeling and other risk identification techniques
  • Strong understanding of the OWASP top 10, including details of common vulnerabilities 
  • Experience with authentication and authorization standards including OAuth and SAML and their weaknesses.
  • Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
  • Experience with Amazon Web Services and Google Cloud Platform
  • Advanced level coding skills (Java is a plus)
  • Results oriented, values collaboration, self-motivated
  • Someone willing to adapt to change in a fast moving environment
  • Inclusive leadership and teamwork skills
  • Results oriented, values collaboration, self-motivated
  • Above all, a team player that can handle challenging situations, a rapidly maturing security culture, and an eagerness to mentor less experienced engineers

For positions that will be based in CA, the annual salary range for this position is $169,036 - $211,295. Actual salaries may vary based on numerous factors including, among other things, an individual applicant’s experience and qualifications for the position.


WHO WE ARE:

Ripple is doing for value what the internet did for information: enabling its instant and seamless flow around the world. We call this the Internet of Value (IoV). Using blockchain and cryptocurrency technology, Ripple is dedicated to creating powerful gains in financial efficiency, equity and inclusion. In addition, Ripple is developing and enabling the future use cases that will catalyze the new digital economy for governments, businesses and consumers.

Ripple has offices in Bangalore, Dubai, Dublin, London, Miami, Mumbai, New York, Reykjavík, San Francisco, São Paulo, Shanghai, Singapore, Sydney, Toronto, and Washington, D.C.

WHAT WE OFFER – The resources and support to be your best at work and beyond:

Do Your Best Work

  • The opportunity to build in a fast-paced start-up environment with experienced industry leaders
  • A learning environment where you can dive deep into the latest technologies and make an impact.  A professional development budget to support other modes of learning.
  • Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
  • Ripple is Flexible First: you have the option to work remotely, from our offices, or a combination of the two within the 11 countries we are located around the world.
  • Weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
  • We come together for moments that matter which include team off-sites, team bonding activities, happy hours and more!

Take Control of Your Finances

  • Competitive salary, bonuses, and equity
  • Bonus Flexibility Program: Participants in the Corporate Bonus Plan have the option to elect to receive their annual bonus in cash, equity or XRP, or a combination.
  • 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
  • 401k (with match) 
  • Commuter benefits
  • Employee giving match
  • Mobile phone stipend

Take Care of Yourself

  • Twice a quarter R&R days so you can rest and recharge
  • Generous wellness reimbursement and weekly onsite & virtual programming
  • Flexible vacation policy - work with your manager to take time off when you need it
  • Industry-leading parental leave policies. Family planning benefits.
  • Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events

Benefits listed above are for full-time employees.


Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.