People Matter

AppSec Automation Engineer

RingCentral

RingCentral

Software Engineering
Valencia, Spain
Posted on Jul 18, 2024

Say hello to possibilities.

It’s not everyday that you consider starting a new career. We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us, we’re the $2 billion global leader in cloud-based communications and collaboration software. We are fundamentally changing the nature of human interaction—giving people the freedom to connect powerfully and personally from anywhere, at any time, on any device.

This is where you and your skills come in. We’re currently looking for: an AppSec Automation Engineer with a solid experience in integrating tools into CI/CD pipelines, automating scans management and orchestration, building feedback channels for these tools. The engineer will work with all RingCentral product lines, including PBX, Video, Messaging, Unified App, Webinars, Analytics, AI, Integrations, Contact Center, Video Conferencing, etc.

The RingCentral Application Security team is a part of a larger CISO team. The area of responsibility of the application security team includes enablement and support for RingCentral’s Security Development Lifecycle (SDL) program. This includes development of infosec governance artifacts i.e., policies, standards and procedures for secure software development at RingCentral, leading security architecture reviews and threat modelings, developing security requirements, SAST/DAST/SCA testing and integration of these tools into the build and deploy process, penetration testing, managing bug bounty program.



Key Responsibilities:

  • Collaborate with DevOps engineers to design security tools/scanners integrations into their pipelines

  • Develop solutions that could be universal and easy to use by DevOps engineers who use a wide range of technologies for their pipelines (solutions examples: GitLab CI/CD templates, Jenkins shared libraries, API-s listening to webhooks)

  • Develop automation (for example, Jenkins jobs) for scheduled regular runs of security scanners

  • Develop in-house utilities/API-s/web-apps needed for the application security team (such as scripts, that implement security checks, dashboards, etc.)

  • Support existing solutions (such as GitLab CI/CD templates, Jenkins jobs and shared libraries, in-house developed API-s) by fixing bugs identified by DevOps engineers, adding new features, various improvements (for example, performance enhancements) and onboarding new system components

  • Support infrastructure for the security tools/scanners that have on-premises installations, which includes:

    • keep underlying operating systems updated

    • install updates from vendors to these tools

    • restore these tools in case of failures

    • deploy additional tools or additional machines for existing tools in case of scaling

  • Design/develop/support feedback channels for engineering teams from the security tools/scanners, such as dashboards or JIRA integrations or any interfaces to allow statuses setting

  • Communicate with the security tools/scanners vendors to resolve issues if any

  • Run trial/demo installations in case of purchasing new security tools

Security tools/scanners include, but are not limited to SAST, DAST and SCA

Qualifications & Skills:

  • 2+ years of experience on a similar position (DevSecOps engineer, DevOps engineer, application security engineer)

  • Understanding of CI/CD processes

  • Scripting skills for automation in any language

  • Experience in Python back-end development

  • System administration skills (Windows, Unix)

  • Experience with Docker

  • Understanding concepts related to git repositories, in particular GitLab (branch, commit, merge request, etc.)

  • Experience in GitLab CI/CD development

  • Experience in Jenkins jobs development

  • Experience or willingness to learn and work with static code analysis (SAST), dynamic application analysis (DAST), and dependency analyzers (SCA)

  • Nice to have:

    • familiar with the principles of building a secure software development lifecycle (for example, based on OWASP SAMM)

    • familiar with OWASP DevSecOps Guideline

    • understanding of GitOps approach

    • experience with modifying/creating rules for security scanners

    • experience in front-end development


What we offer:

  • Well-coordinated professional team;

  • Life assurance and private medical insurance;

  • Competitive salary;

  • Great opportunities for self-realization, professional and career growth;

  • Corporate training programs, free language courses;

  • Excellent work environment and good collaboration;

  • Opportunity to be a part of the international company.

RingCentral’s Engineering team works on high-complexity projects that set the standard for performance and reliability at massive scale. What kind of scale? Millions of users today and hundreds of millions tomorrow. This is your chance to help imagine, develop and deliver products that raise the technological bar, and power human connections. If you’re a talented, ambitious, creative thinker, RingCentral is the perfect environment to join a world class team and bring your ideas to life.

RingCentral’s work culture is the backbone of our success. And don’t just take our word for it: we are recognized as a Best Place to Work by Glassdoor, the Top Work Culture by Comparably and hold local BPTW awards in every major location. Bottom line: We are committed to hiring and retaining great people because we know you power our success. RingCentral offers on-site, remote and hybrid work options optimized for the ways we work and live now.

About RingCentral

RingCentral, Inc. (NYSE: RNG) is a leading provider of business cloud communications and contact center solutions based on its powerful Message Video Phone™ (MVP™) global platform. More flexible and cost effective than legacy on-premises PBX and video conferencing systems that it replaces, RingCentral® empowers modern mobile and distributed workforces to communicate, collaborate, and connect via any mode, any device, and any location. RingCentral is headquartered in Belmont, California, and has offices around the world.

RingCentral is an equal opportunity employer that truly values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.