Security Application Engineer

Say hello to opportunities.

It’s not every day that you consider starting a new career. We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us, we’re a $2 Billion annual revenue company with double digit Annual Recurring Revenue (ARR) and a $93 Billion market opportunity in UCaaS, Contact Center and AI-powered adjacencies. We invest more than $250 million annually to ensure our AI-enabled technology and platforms meet or exceed the needs of our customers. 

RingSense AI is our proprietary AI solution. It’s designed to fit the business needs of our customers, orchestrated to be accurate and precise, and built on the same open platform principles we apply to our core software solutions.

This is where you and your skills come in. We’re currently looking for: a Security Application Engineer with a strong understanding of web and mobile application vulnerabilities, how they can be detected, exploited and remediated.

Responsibilities:

• Consult developers on questions related to reports of security scanners*, which includes explaining why an issue should be considered as a vulnerability, explaining circumstances under which an issue might be exploitable, providing suggestions on how an issue can be remediated

• Review and validate issues marked as potential false positives by developers; request additional clarifications where required.

• Review and improve security scanners configurations:

• Review scanning rules in presets, make sure that important rules are enabled and irrelevant rules are disabled

• Make sure security scanners do not miss production code/applications, as well as do not scan testing-only code/applications

• Where possible and required, adjust scanning rules to improve their accuracy

• Collaborate with legal to make sure that license violation rules for open source software are configured correctly

• Maintain access to security scanners.

• Report breached security defects SLA.

• Support risk exceptions process for the following cases:

• violations of security defects SLA

• deviations from security policies/standards (for example, releasing with a higher vulnerability level than defined as satisfactory)

• Triage reports from the bug bounty platform, address them to responsible engineering teams

• Triage reports from the external attack surface management platform, address them to responsible engineering teams

• Maintain security scanners deployed in production environment, which includes:

• deploy new versions

• Patch security vulnerabilities

• Make sure security hardening benchmarks are met (such as CIS or STIG)

• Make sure other requirements for production deployment are met (logging, monitoring, backups, etc.) Note: Security scanners include, but are not limited to static application …