THE WORK:As a Senior Staff Security Engineer, you will be one of Ripple's most senior technical security practitioners, operating at the intersection of application security, cloud infrastructure security, and secure software delivery. This role exists to raise the technical bar and extend Ripple's security posture as the engineering organization scales across new products, new architectures, and an increasingly sophisticated threat landscape.
You will serve as the dedicated security engineering partner for Ripple Treasury. You will lead the technical direction for product and infrastructure security, partnering with Ripple Treasury Product and Engineering teams to drive secure design, threat modeling, vulnerability management, and cloud security architecture.
WHAT YOU'LL DO:- Serve as the dedicated Security Engineering partner for Ripple Treasury BU, owning the security posture of the Treasury solution and infrastructure environment from assessment through remediation and ongoing maturity improvement.
- Lead threat modeling and security architecture reviews across Treasury offerings.
- Own the secure software development lifecycle for your product surface area, defining security guardrails, CI/CD integrations, and developer guidance that make secure by default a practical reality.
- Drive the cloud security architecture for Treasury across Azure and AWS, including IAM, network segmentation, encryption, zero trust controls, Kubernetes traffic policies, and DDoS and WAF strategy, ensuring full alignment with Ripple's infrastructure standards as Treasury integrates.
- Partner with GRC to ensure Treasury meets its compliance obligations across SOC 2, ISO 27001, and applicable financial regulatory frameworks as the BU integrates into Ripple's governance program.
- Own vulnerability discovery via security assessments, penetration testing and bug bounty, driving findings through triage, prioritization, remediation, and validation with a bias toward automation and developer self-service.
- Build and scale a Security Champions model within Treasury Engineering, embedding security advocates who extend the Security Engineering team's reach at scale.
- Influence engineering architecture decisions at the senior level, participating in design reviews and architectural assessments with the standing to raise security concerns that get acted on.
- Mentor and develop Security Engineers, raising the technical bar through threat model walkthroughs, design discussions, and structured knowledge sharing.
- Stay ahead of the threat landscape for FinTech, crypto, and enterprise treasury systems, translating emerging attack techniques into concrete defensive improvements across platforms and systems.
WHAT YOU'LL BRING: - 10+ years of Security Engineering experience, including hands-on work in Product Security and Infrastructure Security.
- Expert-level product security skills including threat modeling using STRIDE or equivalent, security architecture review, OWASP Top 10 and beyond, API security, authentication and authorization design, and secure SDLC development.
- Deep expertise in securing cloud environments across Azure, AWS, and/or GCP, covering IAM architecture, network security, secrets management, container and Kubernetes security, and infrastructure as code security.
- Hands-on experience building and operating DevSecOps tooling, including static analysis, dynamic analysis, software composition analysis, secrets scanning, container scanning, and CI/CD pipeline security integration.
- Strong software engineering skills in Python, Go, or equivalent, with the ability to build security tooling, automate controls, and integrate security into engineering workflows without relying on third-party tools for everything.
- Experience with cryptographic principles and key management, including HSMs, MPC, PKI, and key rotation, with an understanding of the consequences of key management failure in financial infrastructure.
- Background in FinTech, crypto, blockchain, or high-stakes financial environments is a strong plus, particularly where security failures have direct customer or systemic financial impact.
- A practitioner's approach. Most effective when close to the work, writing threat models, reviewing architecture documents, reading code, and building tooling.
Other common names for this role: Security Architecture, Security Engineering Lead
For positions that will be based in CA, the annual salary range for this position is below. Actual salaries may vary based on numerous factors including, among other things, an individual applicant's experience and qualifications for the position. This range does not include equity or additional compensation, such as bonuses or commissions.
CA Annual Base Salary Range
$232,000-$290,000 USD
