Application Security Engineer
Application Security Engineer
Job Type: Full-Tme
Location: Belmont, CA
Department: Security - Operations
The RingCentral environment is dynamic, success-driven, team-oriented and committed to providing world class service for its customers. Do you have the ability to thrive in a fast-paced environment? We are looking for candidates with an entrepreneurial spark!
We’re not a phone company; we’re a cloud business-solutions provider. We've thrown out the old PBX along with its rigid rules and eliminated the complexity and unnecessary expense of managing business communications the old way.
RingCentral fosters career development and provides leadership training, education, workshops, and coaching for all employees. RingCentral promotes a healthy work-life balance by providing catered lunch and breakfast on a daily basis as well as a kitchen stocked with a variety of complimentary beverages and delicious snacks.
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As an application security engineer at RingCentral, your primary responsibilities will include research, analysis, prevention, and detection of application vulnerabilities and exploit attempts. You will essentially participate in the secure design, development, implementation, and testing of RingCentral products.
Successful candidates will:
- Have proven skills in application and mobile security
- Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills
- Demonstrated track record of quality processes in candidate’s work history
- Be strongly self-motivated with an aptitude for both individual and team-oriented work
- Perform static and dynamic code testing, threat modeling, design reviews, and penetration testing of company applications, review results and work with engineering to provide fixes
- Support the implementation and enforcement of secure design and secure programming principles according to policies, standards, and guidelines
- Develop and implement manual and automated web and mobile application security testing of company’s applications
- Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concepts, and pilot installations
- Review POCs from bug bounty programs, provide recommended fixes and feedback to engineering, and review bug fixes
- Develop and implement security testing and quality controls in CI/CD process
- Build re-usable security libraries and other components for Engineering teams to use in their development and QA work
- Define privacy by design and privacy engineering practices, and work with development teams to implement
- Drive effectiveness, adoption and measurement of security software development practices
- Assist QA in developing security test cases, and testing those cases
- Work with software development teams to secure development environments
- Write and maintain relevant documentation and audit reports
- Experience with C/C++ and/or Java
- Experience with mobile programming, either Android or iOS
- Advanced Knowledge of CWE/SANS 25 common programming errors, and OWASP top 10, their attack vectors, and how to mitigate against these errors and vulnerabilities
- Experience with web application architecture and design
- Experience with layer 7 web defense (WAF, RASP, etc.)
- Familiarity with Static and dynamic code scanning tools
- Familiarity with penetration testing tools (Metasploit, ZAP, Burp)
- Familiarity with Version Control Tools such as Git, Bitbucket, Svn, Mercurial, Perforce
- Familiarity with CI/CD tools such as Jenkins, Docker, Puppet, Kubernetes
- Experience identifying attack and service abuse artifacts in application logs
- One or more relevant security certifications, such as:
- GWAPT (GIAC Certified Web Application Pentester)
- GCIH (GIAC Certified Incident Handler)
- CEH (Certified Ethical Hacker)
- GPEN (GIAC Certified Pentester)
- GPYC (GIAC Certified Python Coder)
- GMOB (GIAC Mobile Device Security Analyst)
- GWEB (GIAC Certified Web Application Defender)
- GSSP-Java (GIAC Secure Software Programmer-Java)
- GPEN (GIAC Pen Tester)
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
- Strong knowledge of RedHat Linux
- Strong knowledge of Microsoft Windows
- Strong command line and scripting skills
- Experience working with global teams
RingCentral, Inc. (NYSE: RNG) is a global provider of cloud unified communications and collaboration solutions. More flexible and cost-effective than legacy on-premise systems, RingCentral empowers today’s mobile and distributed workforces to be connected anywhere and on any device through voice, video, team messaging, collaboration, SMS, conferencing, online meetings, contact center, and fax. RingCentral provides an open platform that integrates with today’s leading business apps while giving customers the flexibility to customize their own workflows. RingCentral is a leader in the 2016 Gartner Magic Quadrant for Unified Communications as a Service Worldwide for the second consecutive year. RingCentral is headquartered in Belmont, Calif.
RingCentral is an EEO/AA employer.
Back to top