RingCentral is the company that provides businesses with different cloud-based business communications solutions that include unified communications as a service (message, video, phone), and contact center as a service that allow teams and customers to work together - from anywhere.
The RingCentral Application Security team is a part of a larger CISO team. The area of responsibility of the application security team includes enablement and support for RingCentral’s Security Development Lifecycle (SDL) program. This includes development of infosec governance artifacts i.e., policies, standards and procedures for secure software development at RingCentral, leading security architecture reviews and threat modelings, developing security requirements, SAST/DAST/SCA testing and integration of these tools into the build and deploy process, penetration testing, managing bug bounty program.
We are looking for an AppSec Automation Engineer with a solid experience in integrating tools into CI/CD pipelines, automating scans management and orchestration and building feedback channels for these tools. The engineer will work with all RingCentral product lines, including PBX, Video, Messaging, Unified App, Webinars, Analytics, AI, Integrations, Contact Center, Video Conferencing, etc.
Responsibilities:
Collaborate with DevOps engineers to design security tools/scanners integrations into their pipelines
Develop solutions that could be universal and easy to use by DevOps engineers who use a wide range of technologies for their pipelines (solutions examples: GitLab CI/CD templates, Jenkins shared libraries, API-s listening to webhooks, CLI utilities to use inside pipelines)
Develop automation for scheduled regular runs of security scanners or other periodic activities (for example, Jenkins jobs, k8s CronJob-s or Celery Periodic Tasks)
Develop in-house utilities/API-s/web-apps needed for the application security team (such as scripts, that implement security checks, dashboards, etc.)
Support existing solutions (such as GitLab CI/CD templates, Jenkins jobs and shared libraries, in-house developed API-s and CLI-s) by fixing bugs identified by DevOps engineers, adding new features, various improvements (for example, performance enhancements) and onboarding new system components
Support infrastructure for the security tools/scanners that have on-premises installations, which includes:
○ keep underlying operating systems updated
○ install updates from vendors to these tools
○ restore these tools in case of failures
○ deploy additional tools/virtual machines/container pods for existing tools in case of scaling
Design/develop/support feedback channels for engineering teams from the security tools/scanners, such as dashboards or JIRA integrations or any interfaces to allow managing reported security issues
Communicate with the security tools/scanners vendors to resolve issues if any
Run trial/demo installations in case of purchasing new security tools
Note: Security tools/scanners include, but are not limited to SAST, DAST and SCA
Qualifications:
2+ years of experience on a similar position (DevSecOps engineer, DevOps engineer, application security engineer)
Understanding of CI/CD processes
Experience in Python development
System administration skills (Windows, Unix)
Experience with Docker
Experience with Kubernetes
Understanding concepts related to git repositories, in particular GitLab (branch, commit, merge request, etc.)
Experience in GitLab CI/CD development
Experience in Jenkins jobs development
Experience or willingness to learn and work with static code analysis (SAST), dynamic application analysis (DAST), and dependency analyzers (SCA)
Nice to have:
familiar with the principles of building a secure software development lifecycle (for example, based on OWASP SAMM)
familiar with OWASP DevSecOps Guideline
understanding of GitOps approach
experience with modifying/creating rules for security scanners
experience in Go development
experience in front-end development
experience in AI agents development (building agents, MCP servers, prompt engineering)
What We Offer:
Well-coordinated professional team
Cutting edge technologies, interesting and challenging tasks, dynamic project, great opportunities for self-realization, professional and career growth
Additional Health and Life Insurance Package
Employee Assistance Program
25 vacation days
This role requires on-site presence at our office 4 days a week to support effective collaboration and teamwork.
