As a member of the Security Operations team, you will ensure RingCentral maintains its most meaningful ability—security and availability. Customers demand seamless performance 24/7, and you’ll lead the way with innovative solutions that keep users securely connected when and wherever they work.
We’re as proud of our working environment as we are of our market success. You’ll find all the training, opportunity and resources you could ever want here - with all the work/life benefits you expect, and none of the micromanagement.
RingCentral regularly brings home Best Place To Work awards from locations all over the world, and outstanding company ratings on Glassdoor and Comparably!
RingCentral surrounds you with world-class technology and talent, in a people-first environment built from the ground up to help you do the best work of your career. We’re not just changing the nature of communication and teamwork. We’re winning, together.
As a Senior Application Security Engineer, you’ll participate in the technical strategy for securing cloud-native and data-center-native SaaS and PaaS products and infrastructures at scale, in a sophisticated web and VoIP services environment. This role will focus mostly on the design and implementation of secure DevOps software development practices and testing methods, and partly on data center and cloud service security infrastructure design and implementation. The successful candidate will bring vision to the role and will have strong expertise in security architecture practices, data center infrastructure security, securing work streams in AWS and GCP, SecDevOps and automation, secure coding practices, and testing security efficiency. You'll have domain expertise that’s applicable across multiple teams and will quickly establish multi-functional relationships with colleagues to become a trusted resource for Operations, Product, Development, and IT departments, while also maintaining a hands-on role in implementing solutions and crafting specifications for those teams.
Responsibilities:
- Design and plan application security architectures that align with the company's business strategy and commitments, inclusive of privacy and compliance
- Perform static and multifaceted code testing, threat modeling, design reviews, and penetration testing of company applications, review results, and work with engineering to provide fixes
- Partner with security stakeholders across the organization to help delivery teams envision and deliver security initiatives
- Analyze business requirements and translate them into security requirements
- Understand business context. Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks, and recommend technologies and solutions to mitigate them
- Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and colleagues
- Work closely with technical leaders in other departments to ensure implementation and enforcement of secure design and secure programming principles according to policies, standards, and guidelines
- Actively communicate with partners to drive awareness and understanding of security architecture roadmaps and directions
- Evaluate pre-existing application and infrastructure designs through manual and automated web and mobile application security testing, and make recommendations for improvements with a strong focus on security, automation, and scale
- Review POCs from bug bounty programs, provide recommended fixes and feedback to engineering, and review bug fixes
- Drive continuous improvement of security measures and capabilities through development and implementation of security testing and quality controls in SDLC stages
- Maintain a solid understanding of ongoing security threats, defensive measures, and operational best practices, and assist leadership with the quantification of risk priorities and establishing security related projects
Qualifications:
- Bachelor's degree in Computer Science, Computer Engineering or related field and equivalent practical experience.
- 4-10 years' professional experience with both a detailed technical knowledge and hands-on practice working in security engineering, DevOps, application penetration testing, secure software development, and/or negative QA testing
- Advanced understanding of web architectures, web applications, APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure
- Detailed knowledge of cloud VoIP, web, mobile, and client application security vulnerabilities, attack methods, and countermeasure techniques
- Experience with a broad range of web attack classes, their workings, and propagation methods
- Experience securing DevOps, including continuous integration, configuration management, and continuous deployment
- Experience securing platform APIs and development environments in inter-company and ODC / partner environments
- Experience leading code reviews, pen-tests, or similar projects
- Experience deploying and using a wide selection of open source and commercial security tools
- Experience writing scripts and building automation for security (DevOps, QA, data collection, etc.)
- Solid understanding of encryption technologies, cryptography and key management, authentication and control of application permissions
- Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) and security capabilities
- Knowledge of web, VoIP and mobile application development and programming languages including Java, C++, Objective C. Previous programming experience, and experience collaborating with product managers, QA teams, and application developers
- Results driven, creative, professional, persistent, quality oriented, and self-motivated work style. Must be able to prioritize and handle their projects and workload. Experience working with global teams and ability to work global hours when vital, including U.S., EU, and APAC time zones
Desirable Skills and Experience:
- Knowledge of e-commerce payment systems (credit card, debit card, bank transfers)
- Continuous monitoring and incident response experience
- Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying these methods in development and QA
- Ability to perform threat modeling or use other risk identification techniques
- Experience with payment fraud and toll fraud
- Experience with PCI, Sarbanes-Oxley, SSAE-16 SOC controls, ISO 27001/27002, NIST 800-53, FedRAMP and other security frameworks
- Knowledge of CPNI and global privacy regulations
- Security certifications such as CISSP, Certified Ethical Hacker, and SANS GIAC (any combination of GCIH, GPPA, GMON, GCWN, GCUX, GPYC, GPEN, GWAPT, GXPN, GSSP-Java, GWEB, GMOB, GAWN, or GSE)
Benefits and Amenities:
- Centrally located in Belmont, CA (close to highways 101, 280, and 92)
- Comprehensive medical, dental, and vision
- Flexible PTO
- 401K match and ESPP
- Complimentary organic breakfast and lunch daily, and fully stocked break rooms
- On-site gym with free yoga and boot-camp classes
About RingCentral
RingCentral is the worldwide leader in cloud-based communications. Our software communications platform delivers phone, group chat, mobile communications, video calls, videoconference, contact center, and AI-driven digital engagement. It’s a powerful, global presence that allows businesses to communicate anywhere, anytime with anyone.