本文发表在 rolia.net 枫下论坛工资范围: 年薪25万到50万,总监:年薪80万左右
公司 ringcentral.com
联系人:lynn.liu@ringcentral.com
Sr. C++ Engineer
Key Responsibility:
Build robust, high performance, well structured cross platform foundation library, which will be utilized on iOS, android, WP and potentially desktop platforms.
Duties:
- Develops in C++, Java and Objective-C to create cross-platform mobile apps.
- Collaborates and adds value through participation in peer code reviews, providing comments and suggestions
- Provides reliable solutions to a variety of problems using sound problem solving techniques
- Performs technical root cause analysis and outlines corrective action for given problems
- Estimate level of effort, evaluate new options of similar technology, offer suggestions to improve processes, and provide comments on some design aspects
Qualifications:
- 3+ years C++ cross platform ( Android/iOS ) development experience.
- Understand the basic of Linux, can write simple bash scripts, Makefiles, etc.
- Solid understanding of data structures and algorithms
- Strong verbal and written communication skills
- Strong analytical and problem-solving skills
Security Operations Lead
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As a Security Operations Lead at RingCentral, your primary responsibilities are to design, implement, and oversee a comprehensive incident management, operations, and threat intelligence program for RingCentral’s global cloud services environment. Additional responsibilities include utilizing strong leadership and creative skills to innovate and improve security operations processes, developing the program to manage various scanning tools, generating actionable analyses and threat intelligence from tools, logs, and other data sources, ensuring strong documentation is in place to support ongoing SOC activities, and training and mentoring other Security Operations personnel.
Successful candidates will:
• Have proven skills in network and system security / administration, security monitoring, incident response, intrusion analysis and computer forensics, analysis of malicious code and exploits
• Have expert knowledge of the diverse methods and technologies used to protect web/mobile/desktop applications, SaaS infrastructure, and data
• Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills
• Demonstrated track record of quality processes in candidate’s work history
• Be strongly self-motivated with an aptitude for both individual and team-oriented work
Responsibilities:
• Lead & train the SOC team
• Design and implement security monitoring and security operations program for a global cloud services environment.
• Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment.
• Review events, alarms, logs, and interpret data.
• Conduct investigations of alarms and incidents.
• Engage teams within and outside of RingCentral to mitigate and resolve cases
• Process development, implementation, and improvement
• Generate threat intelligence and conduct pro-active threat research
• Lead incident response activities and security investigations, triage and prioritize investigation activities, and introduce incident management best practices.
• Ensure RingCentral is in compliance with all applicable Federal and global laws and regulations regarding the monitoring of information
• Provide detailed documentation in support of RingCentral’s ongoing security operations programs.
• Manage various monitoring and scanning tools. Identify and track suspicious activity by reviewing data from these tools, and analyzing system events.
• Select and report on security operations metrics.
• Work with ISPs, carriers and partners to respond to events, conduct investigations, and minimize incidents.
• Provide post mortem reporting for security incidents and recommendations to prevent recurrence.
• Identify trends and patterns, summarize key findings, and recommend process and system enhancements.
• Collaborate with cross-functional groups such as Engineering, Operations, Support and Product Management to enhance tools, processes, and detection methods
• Review issues escalated by other Security Operations team members and provide guidance on resolution.
• Manage and respond to escalations from internal and external parties within designated service levels.
• Educate internal team members and external parties on processes and procedures.
Position Requirements
• 4 years in a security operations role in a cloud services environment.
• BA/BS degree or 4 years equivalent experience in diverse technical and operations roles.
• Expert knowledge of protocols and troubleshooting
• Strong knowledge of IDS, SIEM, vulnerability management, anti-malware protection, case management, and related operational processes and metrics.
• Strong knowledge of virtualization and expert knowledge of Linux / Windows operating systems including strong command line skills
• Experience investigating data breach response events and successfully leading incident response activities across cross functional teams and geographies.
• Expert knowledge of common security monitoring, analysis, and response techniques, including collection of indicators of compromise
• Solid knowledge of various compliance and regulations for the protection of customer personal information and credit card information. (Examples include but are not limited to PII, PCI, and CPNI)
• Periodic travel required
• This role participates in on-call rotations
Strongly Preferred
• SANS GIAC GCIA (GIAC Certified Intrusion Analyst) and/or SANS GIAC GCIH (GIAC Certified Incident Handler) certifications
• Experience using Qulays, Tripwire, Sourcefire, AlienVault, SumoLogic, Imperva, Juniper (routers, firewalls, J-Flow), Syslog, packet capture, and Windows Event Log tools and infrastructure.
• Experience with security laws and frameworks such as HIPAA, PCI-DSS, and others
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
• Experience with operations and service quality management processes such as ITIL
• Experience with scripting or programming, and SecDevOps – ie able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts
• Experience working with global teams
• Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
• Experience with supervisory responsibilities
Application Security Engineer
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As an Application Security Architect you’ll lead the partnering with Engineering, QA, and Product teams to drive security practices and technical solutions throughout development and testing in a fast moving Agile and cloud communication services environment. This role will focus on the development and implementation of security architecture, application and infrastructure designs, development practices, and testing methods in a complex cloud SaaS / VoIP environment. The successful candidate will bring vision to the role and will have strong expertise in security architecture practices, secure coding practices, security testing tools, common development and QA processes, Agile, and will have experience with development, security testing, security user stories, and the necessary experience to create detailed technical specifications for security in application and product designs. They will have domain expertise that’s applicable across multiple teams and will quickly establish cross-functional relationships with colleagues to become a trusted resource for Product, Development, QA, Operations, and IT departments, while also have a hands-on role in designing solutions and creating specifications for those teams.
Responsibilities:
Build and facilitate company-wide security architecture practice and secure software development programs
Develop and execute application security roadmap that aligns with technical and business risk, including identifying threats and potential areas for abuse in applications, specifying solutions, verifying through testing, and determining the necessary level of architecture activity and project oversight based on risk
Translate security requirements into architectures and specific technology implementations
Build re-usable security libraries and other components for Engineering teams to use in their development work
Assist Engineering teams with code review and code security
Assist QA in developing security test cases
Analyze and tune web application firewall (WAF) alerts
Develop presentations, diagrams and documentation to communicate security topics, and design requirements that bring clarity to technical and non- technical audiences
Drive security requirements through designing and building prototypes, proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories
Work with Engineering to embed secure development practices and lead projects to select and deploy developer tools
Develop key indicators of malicious activities and ensure mitigation and detection measures are designed and built into applications
Develop security metrics and measurement for application security, security architecture, and SDL security activities
Design and implement automation for repetitive security tasks
Mentor other technical team members and help train security advocates in developer teams
Participate in tier 4 security escalation support
Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques
Position Requirements
Degree in CS, EE or other Engineering Program.
5+ years combined experience with both a detailed technical knowledge and hands-on practice working in security architecture, application and network penetration testing, secure software development and/or QA
Advanced knowledge of web architectures, web applications, REST APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure
Detailed knowledge of cloud VoIP, web, mobile, and client application security vulnerabilities, attack methods, and countermeasure techniques
Experience with a broad range of attack classes and malware, their workings, and propagation methods
Experience securing platform web APIs
Experiencing securing development environments in inter-company and ODC / partner environments
Experience leading code reviews, pen-tests, or similar projects
Experience deploying and using a wide selection of open source and commercial security development and testing tools (code scanners, fuzzing, using proxies in security testing, etc.)
Experience building security testing tools and scripts for specific environments and use cases, and the ability to craft proof of concept exploits to demonstrate issues
Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product, through implementation (MRDs, PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
Expert knowledge of secure application architectures, encryption technologies, cryptography and key management, authentication and control of application permissions, and implementation of same
Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) and security capabilities
Knowledge of web, VoIP and mobile application development and programming languages including Java, C++, Objective C. Previous programming experience, and experience working with product managers, QA teams, and application developers
Knowledge of e-commerce payment systems (credit card, debit card, bank transfers)
Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods in development and QA
Excellent technical documentation skills
Ability to perform threat modeling or use other risk identification techniques
Results driven, creative, professional, persistent, quality oriented, and self-motivated work style. Must be able to prioritize and manage their projects and workload
Experience working with global teams and ability to work global hours when necessary, including U.S., EU, and APAC time zones
Fluency in Mandarin and English (written and verbal)
Desired Qualifications
Experience with Oracle, MongoDB, EMC, NetApp, Juniper NetScreen firewalls, Acme SBCs, and VMWare vSphere (VCenter, vCenter Ops, ESXi, Linux, Windows, and Macintosh OS)
Experience with payment fraud and toll fraud
Strong industry relationships, has conducted industry research, and has a history of presenting their research at security conferences
Experience with PCI, Sarbanes Oxley, SSAE-16 SOC controls, ISO 27001/27002, NIST 800-53, FEDRAMP and other security frameworks
Knowledge of CPNI and global privacy regulations
Security certifications such as CISSP, Certified Ethical Hacker, and SANS GIAC (GPEN, GWAPT, GXPN, GSSP-Java, GWEB, or GSE)
Russian language skills (written and verbal)
Security Data Scientist
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As a Security Data Scientist at RingCentral, your primary responsibilities are to design and implement a comprehensive service abuse analytics and incident detection capability, into aspects of data science, fraud management, indicators of compromise, and threat intelligence for RingCentral’s global cloud services environment. Additional responsibilities include utilizing strong leadership and creative skills to innovate and improve security and fraud operations processes, and training and mentoring other Fraud Prevention and NOC personnel.
Successful candidates will:
• Have expert knowledge of data science methods and technologies, with ability to apply their skills to information security and fraud prevention needs in a cloud service environment
• Think critically, work well under pressure, and possess strong analytical, written, verbal, interpersonal and multi-tasking skills
• An understanding of risk management methodology and factors
• Demonstrated track record of quality in candidate’s work history
• Be strongly self-motivated with an aptitude for both individual and team-oriented work
Responsibilities:
• Design and implement automated models to detect and block attacks, service abuse, and fraudulent usage across the RingCentral ecosystem
• Work with big data to understanding threats and suspicious activity on RingCentral’s applications and developer platform.
• Investigate security and fraud incidents and recommend courses of action
• Build machine learning models to analyze data or coordinate with potential analysis partners and business stakeholders
• Develop uses for security and fraud prevention data in RingCentral products and features
• Design and implement security and fraud monitoring program for a global cloud services environment.
• Monitor security and fraud events, review log data, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment.
• Engage teams within and outside of RingCentral to mitigate and resolve cases
• Process development, implementation, and improvement
• Generate threat intelligence and conduct pro-active threat research
• Lead incident response activities and security investigations, triage and prioritize investigation activities, and introduce incident management best practices.
• Ensure RingCentral is in compliance with all applicable Federal and global laws and regulations regarding the monitoring of information
• Provide detailed documentation in support of RingCentral’s ongoing security operations programs
• Develop and report relevant metrics
• Provide post mortem reporting for security and fraud incidents and recommendations to prevent recurrence.
• Identify trends and patterns, summarize key findings, and recommend process and system enhancements.
• Collaborate with cross-functional groups such as Engineering, Operations, Support and Product Management to enhance tools, processes, and detection methods
• Review issues escalated by other Security team members and provide guidance on resolution
• Educate internal team members and external parties on processes and procedures
Position Requirements
• A minimum of 4 years relevant work experience.
• Strong business analytical skills; ability to apply business logic to design and implement data mining techniques on large data sets
• Ability to write clear, concise reports and presentations with an ability to orally communicate effectively; organizational and documentation skill
• Experience in normalizing data to ensure it is homogeneous and consistently formatted to enable sorting, query and analysis
• Ability to interpret business requests as well as communicate findings in a user-friendly manner
• Demonstrated ability to work independently and within a team in a fast changing environment with changing priorities and changing time constraints
• Understanding of Data Warehousing
• Proficient in the use of MS SQL server, Data Visualization (e.g., Tableau or other), MS Excel, Python
• Experience using Hadoop, Vertica and Oracle Data Warehouse
• Working knowledge of statistical analysis, data mining and predictive modeling tools and techniques
• Experience designing, developing, implementing and maintaining a database and programs to manage data analysis efforts
• Working knowledge of ‘Big Data’ concepts and Hadoop/Hive/Hbase, and R tools
• Working knowledge of building self-serve analytics tools for business users
• Periodic travel required
• This role participates in on-call rotations
• Fluency in Mandarin and English (written and verbal)
Desired Qualifications
• Working knowledge of application development
• Knowledge of virtualization, Linux and Windows operating systems including command line skills
• Experience investigating data breach response events and successfully leading incident response activities across cross functional teams and geographies.
• Knowledge of common security monitoring, analysis, and response techniques, including collection and development of indicators of compromise
• Knowledge of various compliance and regulations for the protection of customer personal information and credit card information. (Examples include but are not limited to PII, PCI, and CPNI)
• Knowledge of IDS, SIEM, case management, and related operational processes and metrics
• SANS GIAC GCIA (GIAC Certified Intrusion Analyst) and/or SANS GIAC GCIH (GIAC Certified Incident Handler) certifications
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
• Knowledge of cloud VoIP, web, mobile, and client application security
• Experience with operations and service quality management processes such as ITIL
• Experience with scripting or programming, and SecDevOps – ie able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts/automation
• Experience working with global teams
• Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
Engineering Director
Job description:
- Management of technical design and implementation of all product components
- Management of development teams to ensure project commitments are met.
- Drive application architecture and participate in design review
- Foster the professional growth of the teams.
- Partner with product management to develop new product delivery.
- Help define, track, and enhance team productivity metric, drive for performance.
Requirements:
- 8+ years hands-on technical/project management.
- Experience in a wide variety of development efforts, techniques and tools.
- Extensive knowledge of Object-C, C++ and Java/JavaScript.
- Ability to write detailed technical design document.
- Extensive experience developing mobile applications for IOS and Android.
- Extensive knowledge on architecture and design Mobile components.
- Extensive knowledge on how to present new architectural thoughts.
- Excellent written and oral English communication skills.
- Excellent leadership skill, has the ability to train and coach teams to move to the next level.
- Open and collaborative. Must be comfortable working in an environment where ideas are shared and challenged.
- Must be enthusiastic about his work and enjoy being accountable.
- Proven record of leading 20+ teams.
- BS in Computer Science or equivalent, MS a plus.更多精彩文章及讨论,请光临枫下论坛 rolia.net
公司 ringcentral.com
联系人:lynn.liu@ringcentral.com
Sr. C++ Engineer
Key Responsibility:
Build robust, high performance, well structured cross platform foundation library, which will be utilized on iOS, android, WP and potentially desktop platforms.
Duties:
- Develops in C++, Java and Objective-C to create cross-platform mobile apps.
- Collaborates and adds value through participation in peer code reviews, providing comments and suggestions
- Provides reliable solutions to a variety of problems using sound problem solving techniques
- Performs technical root cause analysis and outlines corrective action for given problems
- Estimate level of effort, evaluate new options of similar technology, offer suggestions to improve processes, and provide comments on some design aspects
Qualifications:
- 3+ years C++ cross platform ( Android/iOS ) development experience.
- Understand the basic of Linux, can write simple bash scripts, Makefiles, etc.
- Solid understanding of data structures and algorithms
- Strong verbal and written communication skills
- Strong analytical and problem-solving skills
Security Operations Lead
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As a Security Operations Lead at RingCentral, your primary responsibilities are to design, implement, and oversee a comprehensive incident management, operations, and threat intelligence program for RingCentral’s global cloud services environment. Additional responsibilities include utilizing strong leadership and creative skills to innovate and improve security operations processes, developing the program to manage various scanning tools, generating actionable analyses and threat intelligence from tools, logs, and other data sources, ensuring strong documentation is in place to support ongoing SOC activities, and training and mentoring other Security Operations personnel.
Successful candidates will:
• Have proven skills in network and system security / administration, security monitoring, incident response, intrusion analysis and computer forensics, analysis of malicious code and exploits
• Have expert knowledge of the diverse methods and technologies used to protect web/mobile/desktop applications, SaaS infrastructure, and data
• Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills
• Demonstrated track record of quality processes in candidate’s work history
• Be strongly self-motivated with an aptitude for both individual and team-oriented work
Responsibilities:
• Lead & train the SOC team
• Design and implement security monitoring and security operations program for a global cloud services environment.
• Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment.
• Review events, alarms, logs, and interpret data.
• Conduct investigations of alarms and incidents.
• Engage teams within and outside of RingCentral to mitigate and resolve cases
• Process development, implementation, and improvement
• Generate threat intelligence and conduct pro-active threat research
• Lead incident response activities and security investigations, triage and prioritize investigation activities, and introduce incident management best practices.
• Ensure RingCentral is in compliance with all applicable Federal and global laws and regulations regarding the monitoring of information
• Provide detailed documentation in support of RingCentral’s ongoing security operations programs.
• Manage various monitoring and scanning tools. Identify and track suspicious activity by reviewing data from these tools, and analyzing system events.
• Select and report on security operations metrics.
• Work with ISPs, carriers and partners to respond to events, conduct investigations, and minimize incidents.
• Provide post mortem reporting for security incidents and recommendations to prevent recurrence.
• Identify trends and patterns, summarize key findings, and recommend process and system enhancements.
• Collaborate with cross-functional groups such as Engineering, Operations, Support and Product Management to enhance tools, processes, and detection methods
• Review issues escalated by other Security Operations team members and provide guidance on resolution.
• Manage and respond to escalations from internal and external parties within designated service levels.
• Educate internal team members and external parties on processes and procedures.
Position Requirements
• 4 years in a security operations role in a cloud services environment.
• BA/BS degree or 4 years equivalent experience in diverse technical and operations roles.
• Expert knowledge of protocols and troubleshooting
• Strong knowledge of IDS, SIEM, vulnerability management, anti-malware protection, case management, and related operational processes and metrics.
• Strong knowledge of virtualization and expert knowledge of Linux / Windows operating systems including strong command line skills
• Experience investigating data breach response events and successfully leading incident response activities across cross functional teams and geographies.
• Expert knowledge of common security monitoring, analysis, and response techniques, including collection of indicators of compromise
• Solid knowledge of various compliance and regulations for the protection of customer personal information and credit card information. (Examples include but are not limited to PII, PCI, and CPNI)
• Periodic travel required
• This role participates in on-call rotations
Strongly Preferred
• SANS GIAC GCIA (GIAC Certified Intrusion Analyst) and/or SANS GIAC GCIH (GIAC Certified Incident Handler) certifications
• Experience using Qulays, Tripwire, Sourcefire, AlienVault, SumoLogic, Imperva, Juniper (routers, firewalls, J-Flow), Syslog, packet capture, and Windows Event Log tools and infrastructure.
• Experience with security laws and frameworks such as HIPAA, PCI-DSS, and others
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
• Experience with operations and service quality management processes such as ITIL
• Experience with scripting or programming, and SecDevOps – ie able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts
• Experience working with global teams
• Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
• Experience with supervisory responsibilities
Application Security Engineer
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As an Application Security Architect you’ll lead the partnering with Engineering, QA, and Product teams to drive security practices and technical solutions throughout development and testing in a fast moving Agile and cloud communication services environment. This role will focus on the development and implementation of security architecture, application and infrastructure designs, development practices, and testing methods in a complex cloud SaaS / VoIP environment. The successful candidate will bring vision to the role and will have strong expertise in security architecture practices, secure coding practices, security testing tools, common development and QA processes, Agile, and will have experience with development, security testing, security user stories, and the necessary experience to create detailed technical specifications for security in application and product designs. They will have domain expertise that’s applicable across multiple teams and will quickly establish cross-functional relationships with colleagues to become a trusted resource for Product, Development, QA, Operations, and IT departments, while also have a hands-on role in designing solutions and creating specifications for those teams.
Responsibilities:
Build and facilitate company-wide security architecture practice and secure software development programs
Develop and execute application security roadmap that aligns with technical and business risk, including identifying threats and potential areas for abuse in applications, specifying solutions, verifying through testing, and determining the necessary level of architecture activity and project oversight based on risk
Translate security requirements into architectures and specific technology implementations
Build re-usable security libraries and other components for Engineering teams to use in their development work
Assist Engineering teams with code review and code security
Assist QA in developing security test cases
Analyze and tune web application firewall (WAF) alerts
Develop presentations, diagrams and documentation to communicate security topics, and design requirements that bring clarity to technical and non- technical audiences
Drive security requirements through designing and building prototypes, proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories
Work with Engineering to embed secure development practices and lead projects to select and deploy developer tools
Develop key indicators of malicious activities and ensure mitigation and detection measures are designed and built into applications
Develop security metrics and measurement for application security, security architecture, and SDL security activities
Design and implement automation for repetitive security tasks
Mentor other technical team members and help train security advocates in developer teams
Participate in tier 4 security escalation support
Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques
Position Requirements
Degree in CS, EE or other Engineering Program.
5+ years combined experience with both a detailed technical knowledge and hands-on practice working in security architecture, application and network penetration testing, secure software development and/or QA
Advanced knowledge of web architectures, web applications, REST APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure
Detailed knowledge of cloud VoIP, web, mobile, and client application security vulnerabilities, attack methods, and countermeasure techniques
Experience with a broad range of attack classes and malware, their workings, and propagation methods
Experience securing platform web APIs
Experiencing securing development environments in inter-company and ODC / partner environments
Experience leading code reviews, pen-tests, or similar projects
Experience deploying and using a wide selection of open source and commercial security development and testing tools (code scanners, fuzzing, using proxies in security testing, etc.)
Experience building security testing tools and scripts for specific environments and use cases, and the ability to craft proof of concept exploits to demonstrate issues
Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product, through implementation (MRDs, PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
Expert knowledge of secure application architectures, encryption technologies, cryptography and key management, authentication and control of application permissions, and implementation of same
Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) and security capabilities
Knowledge of web, VoIP and mobile application development and programming languages including Java, C++, Objective C. Previous programming experience, and experience working with product managers, QA teams, and application developers
Knowledge of e-commerce payment systems (credit card, debit card, bank transfers)
Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods in development and QA
Excellent technical documentation skills
Ability to perform threat modeling or use other risk identification techniques
Results driven, creative, professional, persistent, quality oriented, and self-motivated work style. Must be able to prioritize and manage their projects and workload
Experience working with global teams and ability to work global hours when necessary, including U.S., EU, and APAC time zones
Fluency in Mandarin and English (written and verbal)
Desired Qualifications
Experience with Oracle, MongoDB, EMC, NetApp, Juniper NetScreen firewalls, Acme SBCs, and VMWare vSphere (VCenter, vCenter Ops, ESXi, Linux, Windows, and Macintosh OS)
Experience with payment fraud and toll fraud
Strong industry relationships, has conducted industry research, and has a history of presenting their research at security conferences
Experience with PCI, Sarbanes Oxley, SSAE-16 SOC controls, ISO 27001/27002, NIST 800-53, FEDRAMP and other security frameworks
Knowledge of CPNI and global privacy regulations
Security certifications such as CISSP, Certified Ethical Hacker, and SANS GIAC (GPEN, GWAPT, GXPN, GSSP-Java, GWEB, or GSE)
Russian language skills (written and verbal)
Security Data Scientist
This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
As a Security Data Scientist at RingCentral, your primary responsibilities are to design and implement a comprehensive service abuse analytics and incident detection capability, into aspects of data science, fraud management, indicators of compromise, and threat intelligence for RingCentral’s global cloud services environment. Additional responsibilities include utilizing strong leadership and creative skills to innovate and improve security and fraud operations processes, and training and mentoring other Fraud Prevention and NOC personnel.
Successful candidates will:
• Have expert knowledge of data science methods and technologies, with ability to apply their skills to information security and fraud prevention needs in a cloud service environment
• Think critically, work well under pressure, and possess strong analytical, written, verbal, interpersonal and multi-tasking skills
• An understanding of risk management methodology and factors
• Demonstrated track record of quality in candidate’s work history
• Be strongly self-motivated with an aptitude for both individual and team-oriented work
Responsibilities:
• Design and implement automated models to detect and block attacks, service abuse, and fraudulent usage across the RingCentral ecosystem
• Work with big data to understanding threats and suspicious activity on RingCentral’s applications and developer platform.
• Investigate security and fraud incidents and recommend courses of action
• Build machine learning models to analyze data or coordinate with potential analysis partners and business stakeholders
• Develop uses for security and fraud prevention data in RingCentral products and features
• Design and implement security and fraud monitoring program for a global cloud services environment.
• Monitor security and fraud events, review log data, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment.
• Engage teams within and outside of RingCentral to mitigate and resolve cases
• Process development, implementation, and improvement
• Generate threat intelligence and conduct pro-active threat research
• Lead incident response activities and security investigations, triage and prioritize investigation activities, and introduce incident management best practices.
• Ensure RingCentral is in compliance with all applicable Federal and global laws and regulations regarding the monitoring of information
• Provide detailed documentation in support of RingCentral’s ongoing security operations programs
• Develop and report relevant metrics
• Provide post mortem reporting for security and fraud incidents and recommendations to prevent recurrence.
• Identify trends and patterns, summarize key findings, and recommend process and system enhancements.
• Collaborate with cross-functional groups such as Engineering, Operations, Support and Product Management to enhance tools, processes, and detection methods
• Review issues escalated by other Security team members and provide guidance on resolution
• Educate internal team members and external parties on processes and procedures
Position Requirements
• A minimum of 4 years relevant work experience.
• Strong business analytical skills; ability to apply business logic to design and implement data mining techniques on large data sets
• Ability to write clear, concise reports and presentations with an ability to orally communicate effectively; organizational and documentation skill
• Experience in normalizing data to ensure it is homogeneous and consistently formatted to enable sorting, query and analysis
• Ability to interpret business requests as well as communicate findings in a user-friendly manner
• Demonstrated ability to work independently and within a team in a fast changing environment with changing priorities and changing time constraints
• Understanding of Data Warehousing
• Proficient in the use of MS SQL server, Data Visualization (e.g., Tableau or other), MS Excel, Python
• Experience using Hadoop, Vertica and Oracle Data Warehouse
• Working knowledge of statistical analysis, data mining and predictive modeling tools and techniques
• Experience designing, developing, implementing and maintaining a database and programs to manage data analysis efforts
• Working knowledge of ‘Big Data’ concepts and Hadoop/Hive/Hbase, and R tools
• Working knowledge of building self-serve analytics tools for business users
• Periodic travel required
• This role participates in on-call rotations
• Fluency in Mandarin and English (written and verbal)
Desired Qualifications
• Working knowledge of application development
• Knowledge of virtualization, Linux and Windows operating systems including command line skills
• Experience investigating data breach response events and successfully leading incident response activities across cross functional teams and geographies.
• Knowledge of common security monitoring, analysis, and response techniques, including collection and development of indicators of compromise
• Knowledge of various compliance and regulations for the protection of customer personal information and credit card information. (Examples include but are not limited to PII, PCI, and CPNI)
• Knowledge of IDS, SIEM, case management, and related operational processes and metrics
• SANS GIAC GCIA (GIAC Certified Intrusion Analyst) and/or SANS GIAC GCIH (GIAC Certified Incident Handler) certifications
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
• Knowledge of cloud VoIP, web, mobile, and client application security
• Experience with operations and service quality management processes such as ITIL
• Experience with scripting or programming, and SecDevOps – ie able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts/automation
• Experience working with global teams
• Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
Engineering Director
Job description:
- Management of technical design and implementation of all product components
- Management of development teams to ensure project commitments are met.
- Drive application architecture and participate in design review
- Foster the professional growth of the teams.
- Partner with product management to develop new product delivery.
- Help define, track, and enhance team productivity metric, drive for performance.
Requirements:
- 8+ years hands-on technical/project management.
- Experience in a wide variety of development efforts, techniques and tools.
- Extensive knowledge of Object-C, C++ and Java/JavaScript.
- Ability to write detailed technical design document.
- Extensive experience developing mobile applications for IOS and Android.
- Extensive knowledge on architecture and design Mobile components.
- Extensive knowledge on how to present new architectural thoughts.
- Excellent written and oral English communication skills.
- Excellent leadership skill, has the ability to train and coach teams to move to the next level.
- Open and collaborative. Must be comfortable working in an environment where ideas are shared and challenged.
- Must be enthusiastic about his work and enjoy being accountable.
- Proven record of leading 20+ teams.
- BS in Computer Science or equivalent, MS a plus.更多精彩文章及讨论,请光临枫下论坛 rolia.net