RingCentral is looking for an experienced, hands-on Senior Security Engineering and Operations Manager
. This is a leadership role focused on managing a team of security engineers, ensuring successful project delivery, implementing effective cyber security infrastructure, monitoring, and information risk management for RingCentral’s global corporate and cloud service environments.
This role is responsible for RingCentral’s global security engineering function, including security capabilities in public and private cloud, application security, and security automation. Reports to Senior Director, Security and Data Privacy.
Responsible for envisioning, designing, and implementing plans for enterprise architecture to ensure the appropriate capacity, capabilities, and infrastructure are available to support business initiatives. Work with the Director on budgetary and procurement issues necessary to support those needs.
Responsible for technology leadership and planning, architecture and engineering, operation of security infrastructure, workforce planning, work intake, availability and capacity planning, project delivery, team performance and metrics for: Security tools and infrastructure, application security, public cloud security, DFIR (digital forensics and incident response), cyber security scripting and automation, and metrics.
Essential Job Functions:
- Enterprise and Cloud Security Planning - Work closely with Operations, IT, Product, and Engineering leadership to scope, execute, and complete programs related to public cloud, private cloud and corporate security
- Design and implement layered security for VoIP and web services hosted in AWS and dedicated data centers
- Design and maintain security event detection, incident response and digital forensics capabilities
- Communicate vertically and horizontally across the company to keep stakeholders informed
- Drive on-going process improvements and gap remediation activities as required
- Monitor and manage security infrastructure such as Intrusion Prevention Systems, VPN devices,
- Participate in team on-call and escalation
- Develop measurements and metrics for departmental and security control performance
- Technical security architectures and standards
- Secure Software Development – Maintain and enhance application security programs in partnership with Engineering
- Leadership – Influencing; gain the support of others even without direct authority; build voluntary cooperation through expertise, a credible reputation, influence and persuasion; generate enthusiasm and commitment to the missions; actively resolve conflict and demonstrate effective conflict management skills; see the potential in people, opportunities and events; be willing to change or abandon current practices and programs; take calculated risks to improve team capabilities and performance, try something new, reach for and achieve challenging goals; act decisively in a crisis; instill respect and trust
- Operational Excellence / Execution – Establish due dates for projects and assignments; hold yourself and others accountable for meeting deadlines and targets; conduct routine follow-up to ensure actions agreed upon are accomplished; let people know immediately when deadlines might not be met; make back-up plans for important projects; accurate budgeting, staffing and scheduling; proactive work style, starting well in advance of deadlines, not waiting until the last minute to get work done, and leaving adequate room in schedules to address unexpected issues that surface during projects
- Motivating/Developing Employees – Learn what motivates each employee; use the knowledge of their strengths and interests to benefit both the employee and the company; identify employee development opportunities and create plans and milestones for achievement; communicate clear expectations; provide employees with ongoing constructive feedback; address issues of concern in a timely and thoughtful manner; provide recognition to those who have earned it;
- Project Management - Plan and budget activities for security initiatives and projects.
- Prioritize and coordinate team's efforts to align with organizational initiatives; provide routine activity and status reports for ongoing development projects; manage project assignments to ensure compliance with departmental goals, industry standards, and other business requirements; facilitate, schedule and coordinate meetings; communicate project status to management and clients
- Purchasing and Vendor Management - Works with the Senior Director to ensure proper budgetary, procurement and legal processes are followed to implement plans; manages relationships with vendors and consultants throughout the procurement and implementation of projects
- Availability of Security Tools and Infrastucture - Responsible for disaster recovery planning and testing; work with stakeholders to develop a business continuity plan; coordinate with facilities director on needed improvements in the data center
- Staffing - Recruit, hire, and develop security engineering staff
- Innovation and a practice of continuous improvement - Continually evaluate and implement new technology platforms and initiatives to support organizational strategies; provide the team with guidance and direction regarding implementation methods and technical requirements; identify opportunities for process improvement; assist in the development of departmental standards and practices
- Operational Management - Ensure that the design and implementation of security systems will adequately support the organization; ensure that systems will provide the appropriate level of security, reliability and automation; perform ongoing digital forensics and incident response activities; develop a systems maintenance plan; develop measurements and metrics; document system architecture and operational practices; serve in a technical lead capacity
- Solution Evaluation and Implementation - Initiate and participate in projects to evaluate technologies and methods for implementing plans to support organizational strategies and efficiencies; conduct research on emerging technologies in support of security efforts and recommend technologies and methods that will increase security effectiveness, cost effectiveness and organizational flexibility; develop and execute test plans to check and regularly verify security measures; implement and complete new initiatives, project implementation and ongoing maintenance
- Training & Support - Provide escalated support for both custom and purchased tools; provide training on custom and commercial systems to team members
- Bachelor degree in any field required; bachelor degree in Computer Science, Information Security, or related field is strongly preferred
- Minimum 8 years experience with cyber security required;
- Ability to work with a proven expertise in last few years in 24x7 operations environment is preferred
- Strong knowledge of common security monitoring, analysis, vulnerability management, case management, and related operational processes and metrics
- Experience successfully managing cyber security investigation and response across cross functional teams and geographies (Global DFIR)
- Secure software development experience, i.e. integrating security into CI/CD/QA
- Process development, implementation, and improvement
- Expert at server, workstation, mobile and application security
- Understand how to achieve technical security requirements for multiple security frameworks
- Strong understanding of foundational XaaS protocols and troubleshooting
- Experience with virtualization, and Linux / Windows operating systems including strong command line and scripting skills
- Periodic travel required
- This role participates in on-call rotations
Preferred Skills and Experience:
- One or more SANS GIAC certifications. Examples include GCIA, GCIH GMON, GNFA, GCFA, GREM, GPEN, GWAPT, GCED, GCWN, GCWN, GCUX, GWEB, GCTI, GPYC, GMOB, and GSE.
- Experience with Cisco UCS, Dell, Vmware Esxi 5/6, Netapp/EMC storage, AWS and GPC
- Experience with puppet, foreman, docker, elastic search
- Experience with Qulays, Sourcefire, AlienVault, Imperva, Juniper (routers, firewalls, J-Flow), Syslog, packet capture, and Windows Event Log tools and infrastructure.
- Experience with security laws and frameworks such as SOC2, ISO 27001, HIPAA, HITRUST, FedRAMP, PCI-DSS, and others
- Privacy Engineering experience, experience with global privacy laws and frameworks
- Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
- Experience with operations and service quality management processes such as ITIL
- Experience with scripting or programming – ie able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts
- Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
RingCentral, Inc. (NYSE: RNG) is a global provider of cloud unified communications and collaboration solutions. More flexible and cost-effective than legacy on-premise systems, RingCentral empowers today’s mobile and distributed workforces to be connected anywhere and on any device through voice, video, team messaging, collaboration, SMS, conferencing, online meetings, contact center, and fax. RingCentral provides an open platform that integrates with today’s leading business apps while giving customers the flexibility to customize their own workflows. RingCentral is a leader in the 2016 Gartner Magic Quadrant for Unified Communications as a Service Worldwide for the second consecutive year. RingCentral is headquartered in Belmont, Calif.
RingCentral is an EEO/AA employer.