RingSense AI is our proprietary AI solution. It’s designed to fit the business needs of our customers, orchestrated to be accurate and precise, and built on the same open platform principles we apply to our core software solutions.
The RingCentral Application Security team is a part of a larger CISO team.
The area of responsibility of the application security team includes enablement and support for RingCentral’s Security Development Lifecycle (SDL) program.
This includes development of infosec governance artifacts i.e., policies, standards and procedures for secure software development at RingCentral, leading security architecture reviews and threat modelings, developing security requirements, SAST/DAST/SCA testing and integration of these tools into the build and deploy process, penetration testing, managing bug bounty program.
We are looking for a Security Application Engineer with a strong understanding of web-application vulnerabilities, how they can be detected, exploited and remediated.
This role requires on-site presence at our office 4 days a week to support effective collaboration and teamwork.
Responsibilities:
Collaborate with Product Management, Engineering and Analytics teams to ensure RingCentral products, applications and tools support both security architecture and secure development standards
Drive adoption of security and privacy aware SDLC discipline across all organizations
Identify gaps in existing security architecture and collaborate with engineering to design, review and approve changes or enhancements
Enforce security guardrails for all RingCentral products and applications
Lead security risk assessments for proposed cloud and endpoint designs, architectures and solutions
Provide vulnerability remediation design and solutions
Provide clear, risk-based assessments of product security maturity including areas for improvement and if needed, identify stop-ship situations
Collaborate with Cloud platform and product architecture teams to embed security standards
Support integrations of automated security testing tools (SAST/DAST/SCA) into the build and deploy process
Provide support to engineering teams working with automated security testing tools
Lead annual and ad-hoc security assessments, which includes:
Security design review and threat modeling
Targeted security code review
Penetration testing
Coordinating efforts of external penetration testing consultants
Triage reports from the bug bounty platform, address them to responsible engineering teams
Qualifications:
Technical experience in product architecture, design, implementation
Expertise with product security design, review, implementation including threat modeling and risk assessment implications
Extensive experience with application testing- SAST/DAST, penetration testing
Secure design and implementation capabilities
Experience with open-source software including lifecycle management, vulnerability management tools
Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management
Outstanding organizational and time management skills, desire to work within a highly collaborative team
Nice-To-Have:
WebRTC, Video and audio streaming
Video codecs
B.S. or equivalent in CS or EE
What we offer:
Well-coordinated professional team
Cutting edge technologies, interesting and challenging tasks, dynamic project, great opportunities for self-realization, professional and career growth
Additional Health and Life Insurance Package
Employee Assistance Program
25 vacation days
This role requires on-site presence at our office 4 days a week to support effective collaboration and teamwork.
