Staff Product Security Engineer, Security Tooling and Automation Lead
Rippling - July 2024 - Current
Lead a global team of five product security engineers that design, implement, and maintain the tooling and automation used by Rippling Security including SAST, SCA, Secrets Scanning, and Bug Bounty capabilities to discover security risks and drive remediation across an engineering organization of over 2000 team members.
Analyzed and refactored Rippling's vulnerability management process by auditing and updating SLAs, implementing self-service risk extensions, and developing a critical new security gate that gives the engineering organization better tools to prioritize fixing vulnerabilities. This resulted in a 95% decrease in out-of-SLA vulnerabilities month-over-month, an 80% reduction in long-lived vulnerabilities, while average overall vulnerabilities remediated in a month grew 1000%.
Led a cross-functional project across Rippling's engineering organization including security, infrastructure, and product engineers to reduce the number of high-confidence secrets improperly stored by 95%.
Developed and deployed a system of tracking code ownership across the engineering organization to automatically triage new findings surfaced from our various vulnerability discovery tools saving 40 hours of work per week.