RingCentral is the company that provides businesses with different cloud-based business communications solutions that include unified communications as a service (message, video, phone), and contact center as a service that allow teams and customers to work together - from anywhere.
JettyCloud looks for IT professionals on behalf of RingCentral to join its team in Valencia.
JettyCloud is a software R&D center that works for RingCentral. Due to our long-term partnership we help the company to find talented engineers who will work on #1 cloud communications solution.
The RingCentral Application Security team is a part of a larger CISO team. The area of responsibility of the application security team includes enablement and support for RingCentral’s Security Development Lifecycle (SDL) program. This includes development of infosec governance artifacts i.e., policies, standards and procedures for secure software development at RingCentral, leading security architecture reviews and threat modelings, developing security requirements, SAST/DAST/SCA testing and integration of these tools into the build and deploy process, penetration testing, managing bug bounty program.
We are looking for an AppSec Automation Engineer with a solid experience in integrating tools into CI/CD pipelines, automating scans management and orchestration, building feedback channels for these tools. The engineer will work with all RingCentral product lines, including PBX, Video, Messaging, Unified App, Webinars, Analytics, AI, Integrations, Contact Center, Video Conferencing, etc.
Collaborate with DevOps engineers to design security tools/scanners integrations into their pipelines
Develop solutions that could be universal and easy to use by DevOps engineers who use a wide range of technologies for their pipelines (solutions examples: GitLab CI/CD templates or Jenkins shared libraries)
Develop automation (for example, Jenkins jobs) for scheduled regular runs of security scanners
Develop in-house utilities needed for the application security team (such as scripts, that implement security checks, dashboards, etc.)
Support existing solutions (such as GitLab CI/CD templates, Jenkins jobs and shared libraries) by fixing bugs identified by DevOps engineers, adding new features, various improvements (for example, performance enhancements) and onboarding new system components
Support infrastructure for the security tools/scanners that have on-premises installations, which includes: keep underlying operating systems updated, install updates from vendors to these tools, restore these tools in case of failures, deploy additional tools or additional machines for existing tools in case of scaling.
Design/develop/support feedback channels for engineering teams from the security tools/scanners, such as dashboards or JIRA integrations or any interfaces to allow statuses setting
Communicate with the security tools/scanners vendors to resolve issues if any.
Run trial/demo installations in case of purchasing new security tools.
Security tools/scanners include, but are not limited to SAST, DAST and SCA.
2+ years of experience on a similar position (DevSecOps engineer, DevOps engineer, application security engineer).
Understanding of CI/CD processes. Scripting skills for automation in any language. System administration skills (Windows, Unix).
Experience with Docker. Understanding concepts related to git repositories, in particular GitLab (branch, commit, merge request, etc.).
Experience in GitLab CI/CD development.
Experience in Jenkins jobs development.
Skills for working with (getting data from) REST APIs. Experience or willingness to learn and work with static code analysis (SAST), dynamic application analysis (DAST), and dependency analyzers (SCA).
Nice to have:
Familiar with the principles of building a secure software development lifecycle (for example, based on OWASP SAMM).
Familiar with OWASP DevSecOps Guideline.
Understanding of GitOps approach and experience with the Argo CD tool.
Experience with modifying/creating rules for security scanners.
Well-coordinated professional team.
Cutting edge technologies, interesting and challenging tasks, dynamic project, great opportunities for self-realization, professional and career growth.
Flexible working hours and opportunity for a hybrid work.
Job placement and payment of salary take place according to the labor code, as well as vacation and sick lists.
Medical Insurance, including Dental and Vision.
Business Travel Insurance.
Employee Assistance Program.
Vacation 23 days.
Сompensation for internet and cellphone.
Employee Assistance Program (EAP), counseling sessions available 24/7 Headspace & Taskhuman.