Security Application Engineer
Company: RingCentral, Inc
Location: Denver
Posted on: May 2, 2024
Job Description:
Security Application Engineer, DAST Scanning (Belmont CA, Denver
CO, Dallas TX)

The RingCentral environment is dynamic, success-driven,
team-oriented and committed to providing world class service for
its customers. Do you have the ability to thrive in a fast-paced
environment? We are looking for candidates with an entrepreneurial
spark!

We're not a phone company; we're a cloud business-solutions
provider. We've thrown out the old PBX along with its rigid rules
and eliminated the complexity and unnecessary expense of managing
business communications the old way.

RingCentral fosters career development and provides leadership
training, education, workshops, and coaching for all employees.

RingCentral promotes a healthy work-life balance by providing
catered lunch and breakfast on a daily basis as well as a kitchen
stocked with a variety of complimentary beverages and delicious
snacks.

The RingCentral Application Security team is a part of a larger
CISO team. The area of responsibility of the application security
team includes enablement and support for RingCentral's Security
Development Lifecycle (SDL) program. This includes development of
infosec governance artifacts i.e., policies, standards and
procedures for secure software development at RingCentral, leading
security architecture reviews and threat modelings, developing
security requirements, SAST/DAST/SCA testing and integration of
these tools into the build and deploy process, penetration testing,
managing bug bounty program.

We are looking for a Security
Application Engineer with a strong understanding of web and mobile
application vulnerabilities, how they can be detected, exploited
and remediated.

Responsibilities:
- Consult developers on questions related to reports of security
  scanners*, which includes:
  - explain why an issue should be considered as a vulnerability
  - explain circumstances under which an issue might be exploitable
  - provide suggestions on how an issue can be remediated
- Review and validate issues marked as potential false positives by
  developers; request additional clarifications where required.
- Review and improve security scanners configurations:
  - review scanning rules in presets, make sure that important
    rules are enabled and irrelevant rules are disabled
  - make sure security scanners do not miss production
    code/applications, as well as do not scan testing-only
    code/applications
  - where possible and required, adjust scanning rules to improve
    their accuracy
  - collaborate with legal to make sure that license violation
    rules for open source software are configured correctly
- Maintain access to security scanners.
- Report breached security defects SLA.
- Support risk exceptions process for the following cases:
  - violations of security defects SLA
  - deviations from security policies/standards (for example,
    releasing with a higher vulnerability level than defined as
    satisfactory)
- Triage reports from the bug bounty platform, address them to
  responsible engineering teams
- Triage reports from the external attack surface management
  platform, address them to responsible engineering teams
- Maintain security scanners deployed in production environment,
  which includes:
  - deploy new versions
  - patch security vulnerabilities
  - make sure security hardening benchmarks are met (such as CIS or
    STIG)
  - make sure other requirements for production deployment are met
    (logging, monitoring, backups, etc.)

* - security scanners include, but are not limited to static
application security testing (SAST), dynamic application security
testing (DAST) and software composition analysis (SCA)

Qualifications:
- Technical experience in product architecture, design,
  implementation
- Expertise with product security design, review, implementation
  including threat modeling and risk assessment implications
- U.S. citizenship required
- Extensive experience with web and mobile application testing:
  SAST/DAST, penetration testing
- Secure design and implementation capabilities
- Experience with open-source software including lifecycle
  management, vulnerability management tools
- Excellent communication skills, both verbal and written; ability
  to condense complicated scenarios into simple, risk-based
  assessments, appropriately targeted for colleagues and upper
  management
- Outstanding organizational and time management skills, desire to
  work within a highly collaborative team

Nice-To-Have:
- Any WebRTC, Video and audio streaming
- Video codecs
- B.S. or equivalent in CS or EE

What we offer:
RingCentral offers all the work/life benefits you could ever want,
(and none of the micromanagement.)
- Comprehensive medical, dental, vision, disability, life insurance
- Health Savings Account (HSA), Flexible Spending Account (FSAs)
  and Commuter Benefits
- 401K match and ESPP
- Flexible PTO
- Wellness programs including 1:1 wellness coaching through
  TaskHuman and meditation guidance through Headspace
- Paid parental leave and new parent gift boxes
- Pet insurance
- Employee Assistance Program (EAP) with counseling sessions
  available 24/7
- Rocket Lawyer services that provide legal advice, document
  creation and estate planning
- Employee bonus referral program

RingCentral's work culture is the backbone of our
success. And don't just take our word for it: we are recognized as
a Best Place to Work by Glassdoor, the Top Work Culture by
Comparably and hold local BPTW awards in every major location.
Bottom line: We are committed to hiring and retaining great people
because we know you power our success.

About RingCentral:
RingCentral, Inc. (NYSE: RNG) is a leading provider of
business cloud communications and contact center solutions based on
its powerful Message Video Phone (MVP) global platform. More
flexible and cost effective than legacy on-premises PBX and video
conferencing systems that it replaces, RingCentral empowers modern
mobile and distributed workforces to communicate, collaborate, and
connect via any mode, any device, and any location. RingCentral is
headquartered in Belmont, California, and has offices around the
world.

If you are hired in Colorado, the compensation range for this
position is between $120,000 and $150,000. If you are hired in
Belmont, the compensation range for this position is between
$140,000 and $170,000.

RingCentral is an equal opportunity employer
that truly values diversity. We do not discriminate on the basis of
race, religion, color, national origin, gender, sexual orientation,
age, marital status, veteran status, or disability status. We are
committed to providing reasonable accommodations for individuals
with disabilities during our application and interview process. If
you require such accommodations, please click on the following link
to learn more about how we can assist you.