Staff Privacy Engineer

Rippling

San Francisco, CA, USA
Posted on Sep 27, 2025

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About the role

We are seeking a highly experienced Staff Security Engineer (L8) to help build out our Privacy Engineering & Response team under the Security organization reporting to our Director of Security Operations. This critical role will be instrumental in safeguarding our data privacy and ensuring compliance with evolving regulatory requirements. You will own data privacy incidents, lead proactive projects to prevent future occurrences, and contribute to our data protection initiatives through automation and system development.

We are looking for someone with a strong background in privacy engineering, proven technical depth, familiarity with key regulatory frameworks (e.g., HIPAA, GDPR, and CCPA), and the ability to translate regulatory requirements into scalable, privacy-by-design solutions.

What You’ll Do

  • Data Privacy Incident Ownership: Own privacy-related incidents (e.g., data misuse, misdirection of PII/PHI, or regulatory exposure) from identification to resolution. Work cross-functionally with Privacy Legal, Security, and Engineering to manage and mitigate risks.
  • Proactive Privacy Projects: Lead initiatives that reduce or prevent privacy incidents. Define scope, set objectives, and deliver impactful outcomes that scale across the company.
  • Team Charter Development: Contribute significantly to building out the charter for the Privacy Engineering & Response team, defining its mission, scope, and operational procedures, shaping its long-term impact.
  • Data Protection & Security Automation: Play a key role in our data protection and data security initiatives by automating processes such as data inventory, data classification, and data tagging.
  • Violation Reporting System: Design and build a system to effectively report data violations, ensuring timely and accurate communication of incidents.
  • Regulatory Compliance: Apply your expertise in privacy engineering and familiarity with regulatory compliance requirements, including but not limited to HIPAA, GDPR, and CCPA, to all aspects of your work.
  • Privacy-by-Design Integration: Embed privacy-by-design principles into the product development lifecycle. Influence product and engineering teams to address risks proactively before launch.

What We're Looking For

  • Proven experience in Privacy Engineering, with a track record of measurable impact (e.g., reducing incident frequency/severity, shortening investigation timelines, scaling compliance via automation), including developing and implementing privacy-enhancing technologies (PETs) and data anonymization techniques.
  • Deep understanding of global privacy regulations such as GDPR, CCPA, HIPAA, and LGPD, with the ability to translate legal and regulatory requirements into technical specifications and implement privacy-by-design solutions.
  • Excellent collaboration and communication skills, with the ability to work effectively cross-functionally with legal, engineering, product, and other stakeholders to embed privacy into all aspects of the business.
  • Demonstrated experience in conducting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs), as well as identifying and mitigating privacy risks, and developing and implementing privacy controls using privacy risk management frameworks and tools.
  • Familiarity with data security best practices, encryption, access control, and secure software development lifecycles.
  • Strong technical skills in Python or Go; experience with AWS and GCP; and familiarity with data infrastructure (e.g., BigQuery, Snowflake, DLP tooling).
  • A proactive and problem-solving mindset, adaptable to a fast-paced and evolving regulatory landscape.

Additional Information

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accomodations@rippling.com

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.

A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.