Security Application Engineer, DAST Scanning (remote US)

Security Application Engineer, DAST Scanning (Remote US) 

The RingCentral environment is dynamic, success-driven, team-oriented and committed to providing world-class service for its customers through the security of its products. Do you have the ability to thrive in a fast-paced but work-life balanced environment? We are looking for candidates with an entrepreneurial spark! This role requires US citizenship.

RingCentral is a cloud communications leader that fosters career development and provides leadership training, education, workshops, and coaching for all employees. The RingCentral Application Security team is a part of a larger CISO led organization. The area of responsibility of the application security team includes enablement and support for RingCentral’s Security Development Lifecycle (SDL) program. 

It includes development of infosec governance artifacts i.e., policies, standards and procedures for secure software development at RingCentral, security architecture reviews and threat modeling, developing security requirements, SAST/DAST/SCA testing and integration of these tools into the build and deploy process, penetration testing, managing a bug bounty program.

We are looking for a Security Application Engineer with a strong understanding of web and mobile application vulnerabilities, how they can be detected, exploited and remediated.

Responsibilities:

• Consult developers on questions related to reports of security scanners*, which includes:
• as needed, explain why an issue should be considered as a vulnerability
• explain circumstances under which an issue might be exploitable
• provide suggestions on how an issue can be remediated using internal security controls
• Review and validate issues marked as potential false positives by developers; request additional clarifications where required.
• Report breached security defects within company SLA’s.
• Review and improve security scanners configurations:
• review scanning rules in presets, make sure that important rules are enabled, and irrelevant rules are disabled
• make sure security scanners do not miss production code/applications, as well as do not scan testing-only code/applications
• where possible and required, adjust scanning rules to improve their accuracy
• collaborate with legal to make sure that license violation rules for open-source software are configured correctly

Qualifications:

• Extensive experience with web and mobile application setup and testing for SAST/DAST
• Experience with penetration testing using tools like Burpsuite
• Technical experience in software architecture, design, implementation and security code reviews
• U.S citizenship required
• Experience with open-source software including lifecycle management, vulnerability management tools
• Experience working with developers to provide guidance on vulnerability management
• Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management
• …