Security Application Engineer
Remote New Hampshire
Say hello to opportunities.
It’s not every day that you consider starting a new career. We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us, we’re a $2 Billion annual revenue company with double digit Annual Recurring Revenue (ARR) and a $93 Billion market opportunity in UCaaS, Contact Center and AI-powered adjacencies. We invest more than $250 million annually to ensure our AI-enabled technology and platforms meet or exceed the needs of our customers.
RingSense AI is our proprietary AI solution. It’s designed to fit the business needs of our customers, orchestrated to be accurate and precise, and built on the same open platform principles we apply to our core software solutions.
This is where you and your skills come in. We’re currently looking for: a Security Application Engineer with a strong understanding of web and mobile application vulnerabilities, how they can be detected, exploited and remediated.
Responsibilities:
Consult developers on questions related to reports of security scanners*, which includes explaining why an issue should be considered as a vulnerability, explaining circumstances under which an issue might be exploitable, providing suggestions on how an issue can be remediated
Review and validate issues marked as potential false positives by developers; request additional clarifications where required.
Review and improve security scanners configurations:
Review scanning rules in presets, make sure that important rules are enabled and irrelevant rules are disabled
Make sure security scanners do not miss production code/applications, as well as do not scan testing-only code/applications
Where possible and required, adjust scanning rules to improve their accuracy
Collaborate with legal to make sure that license violation rules for open source software are configured correctly
Maintain access to security scanners.
Report breached security defects SLA.
Support risk exceptions process for the following cases:
violations of security defects SLA
deviations from security policies/standards (for example, releasing with a higher vulnerability level than defined as satisfactory)
Triage reports from the bug bounty platform, address them to responsible engineering teams
Triage reports from the external attack surface management platform, address them to responsible engineering teams
Maintain security scanners deployed in production environment, which includes:
deploy new versions
Patch security vulnerabilities
Make sure security hardening benchmarks are met (such as CIS or STIG)
Make sure other requirements for production deployment are met (logging, monitoring, backups, etc.) Note: Security scanners include, but are not limited to static application …
This job isn't fresh anymore!
Search Fresh JobsJob Profile
U.S. citizenship required
Benefits/Perks401K match and ESPP Coaching Commuter benefits Comprehensive medical, dental, vision Comprehensive medical, dental, vision, disability, life insurance Dental Disability Disability, life insurance Employee Assistance Program Employee bonus referral program ESPP Flexible PTO FSAs HSA Life Insurance Medical Paid parental leave Pet Insurance Vision Wellness programs
Tasks- Collaborate with legal on license violations
AI Coaching Collaboration Communication Communications Contact center Contact Center Solutions Dynamic Application Security Testing Implementation Mobile application security Open Source Software Management Organizational Penetration Testing Risk Assessment Security Security Scanners Security Testing Software Composition Analysis Static Application Security Testing STIG Testing Threat modeling Time Management UCaaS Vulnerability Management Vulnerability Remediation Web application security
Experience5 years
Education Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9