Security Application Engineer

September 16

RingCentral

Cloud-based business phone systems • virtual PBX • unified communication • smartphone apps • Internet fax

5001 - 10000

Description

• Consult developers on questions related to reports of security scanners, which includes explaining why an issue should be considered as a vulnerability, explaining circumstances under which an issue might be exploitable, providing suggestions on how an issue can be remediated
• Review and validate issues marked as potential false positives by developers; request additional clarifications where required.
• Review and improve security scanners configurations: Review scanning rules in presets, make sure that important rules are enabled and irrelevant rules are disabled
• Make sure security scanners do not miss production code/applications, as well as do not scan testing-only code/applications
• Where possible and required, adjust scanning rules to improve their accuracy
• Collaborate with legal to make sure that license violation rules for open source software are configured correctly
• Maintain access to security scanners. Report breached security defects SLA.
• Support risk exceptions process for the following cases: violations of security defects SLA; deviations from security policies/standards (for example, releasing with a higher vulnerability level than defined as satisfactory)
• Triage reports from the bug bounty platform, address them to responsible engineering teams
• Triage reports from the external attack surface management platform, address them to responsible engineering teams
• Maintain security scanners deployed in production environment, which includes: deploy new versions
• Patch security vulnerabilities
• Make sure security hardening benchmarks are met (such as CIS or STIG)
• Make sure other requirements for production deployment are met (logging, monitoring, backups, etc.)

Requirements

• Technical experience in product architecture, design, implementation
• Expertise with product security design, review, implementation including threat modeling and risk assessment implications
• U.S. citizenship required
• Extensive experience with web and mobile application testing - SAST/DAST, penetration testing
• Secure design and implementation capabilities
• Experience with open-source software including lifecycle management, vulnerability management tools
• Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management
• Outstanding organizational and time management skills, desire to work within a highly collaborative team

Benefits

• Comprehensive medical, dental, vision, disability, life insurance
• Health Savings Account (HSA), Flexible Spending Account (FSAs) and Commuter Benefits
• 401K match and ESPP
• Flexible PTO
• Wellness programs including 1:1 wellness coaching through TaskHuman and meditation guidance through Headspace
• Paid parental leave and new parent gift boxes
• Pet insurance
• Employee Assistance Program (EAP) with counseling sessions available 24/7
• Rocket Lawyer services that provide legal advice, document creation and estate planning
• Employee bonus referral program
