Director, Security Engineering and Operations
Director, Security Engineering and Operations
Job Type: Full-Time
Location: Belmont, CA
Department: SecOps - Operations
The RingCentral environment is dynamic, success-driven, team-oriented and committed to providing world class service for its customers. Do you have the ability to thrive in a fast-paced environment? We are looking for candidates with an entrepreneurial spark!
We’re not a phone company; we’re a cloud business-solutions provider. We've thrown out the old PBX along with its rigid rules and eliminated the complexity and unnecessary expense of managing business communications the old way.
RingCentral fosters career development and provides leadership training, education, workshops, and coaching for all employees. RingCentral promotes a healthy work-life balance by providing catered lunch and breakfast daily as well as a kitchen stocked with a variety of complimentary beverages and delicious snacks.
RingCentral is looking for an experienced Director of Security Engineering and Operations. This is a leadership role focused on managing a team of security engineers and analysts, implementing effective technical cyber security measures, deploying and managing security infrastructure, secure software development, automation, monitoring, ensuring successful project delivery, intrusion analysis and incident response for RingCentral’s global corporate and cloud service environments.
This role is responsible for RingCentral’s global security engineering function, including security capabilities in public and private cloud, application security, mature digital forensics and incident response processes and security automation. Reports to AVP of Cyber Security and Compliance.
Responsible for envisioning, designing, and implementing enterprise and cloud security architectures to ensure the necessary technical security measures, system capacity and skills are in place to support global business initiatives and company growth. Responsible for working with their team and cross functionally to plan and mange budget and execute procurement to support those needs. Responsible for technology leadership and planning, architecture and engineering, operation of security infrastructure, technical security roadmaps, security operations, workforce planning, work intake, security infrastructure availability, capacity planning, project delivery, team performance and metrics for: Security tools and infrastructure, application security, public and private cloud security, DFIR (digital forensics and incident response), cyber security automation, and team metrics.
Essential Job Functions:
- Enterprise and Cloud Security Planning - Work closely with Operations, IT, Product, and Engineering leadership to scope, execute, and complete programs related to public cloud, private cloud and corporate security
- Design and implement layered security for web and unified communications services hosted in public and private cloud environments
- Design and maintain security event detection, incident response and digital forensics capabilities
- Stakeholder engagement: Communicate vertically and horizontally across the company to keep stakeholders informed and involved
- Drive on-going security capability improvements and risk remediation activities
- Monitor and manage security infrastructure
- Participate on-call activities
- Develop measurements and metrics for departmental and security performance
- Technical security architectures and standards
- Maintaining and enhancing application security programs in partnership with Engineering teams
- Leadership – Influencing; gain the support of others even without direct authority; build voluntary cooperation through expertise, a credible reputation, influence and persuasion; generate enthusiasm and commitment to the missions; actively resolve conflict and demonstrate effective conflict management skills; see the potential in people, opportunities and events; be willing to change or abandon current practices and programs; take calculated risks to improve team capabilities and performance, try something new, reach for and achieve challenging goals; act decisively in a crisis; instill respect and trust
- Operational Excellence / Execution – Establish due dates for projects and assignments; hold yourself and others accountable for meeting deadlines and targets; conduct routine follow-up to ensure actions agreed upon are accomplished; inform stakeholders promptly when deadlines might not be met; make back-up plans for important projects; perform accurate budgeting, staffing and scheduling; operate using a proactive work style – examples include starting well in advance of deadlines and leaving adequate room in schedules to address unexpected issues that surface during projects, reaching out to peers and engaging them is long term planning, having a vision and roadmap that extend well past near term deliverables, and taking ongoing steps to achieve long term goals
- Motivating/Developing Employees – Learn what motivates each employee; use the knowledge of their strengths and interests to benefit both the employee and the company; identify employee development opportunities and create plans and milestones for achievement; communicate clear expectations; provide employees with ongoing constructive feedback; address issues of concern in a timely and thoughtful manner; provide recognition to those who have earned it;
- Project Management - Plan and budget activities for security initiatives and projects.
- Prioritize and coordinate team's efforts to align with organizational initiatives; provide routine activity and status reports for ongoing development projects; manage project assignments to ensure compliance with departmental goals, industry standards, and other business requirements; facilitate, schedule and coordinate meetings; communicate project status to management and clients
- Purchasing and Vendor Management - Works with the Senior Director to ensure proper budgetary, procurement and legal processes are followed to implement plans; manages relationships with vendors and consultants throughout the procurement and implementation of projects
- Availability of Security Tools and Infrastructure - Responsible for disaster recovery planning and testing; work with stakeholders to develop a business continuity plan; coordinate with facilities director on needed improvements in the data center
- Staffing - Recruit, hire, and develop security engineering and operations staff
- Innovation and a practice of continuous improvement - Continually evaluate and implement new technology platforms and initiatives to support organizational strategies; provide the team with guidance and direction regarding implementation methods and technical requirements; identify opportunities for process improvement; assist in the development of departmental standards and practices
- Operational Management - Ensure that the design and implementation of security systems will adequately support the organization; ensure that systems will provide the appropriate level of security, reliability and automation; perform ongoing digital forensics and incident response activities; develop a systems maintenance plan; develop measurements and metrics; document system architecture and operational practices; serve in a technical lead capacity
- Solution Evaluation and Implementation - Initiate and participate in projects to evaluate technologies and methods for implementing plans to support organizational strategies and efficiencies; conduct research on emerging technologies in support of security efforts and recommend technologies and methods that will increase security effectiveness, cost effectiveness and organizational flexibility; develop and execute test plans to check and regularly verify security measures; implement and complete new initiatives, project implementation and ongoing maintenance
- Training & Support - Provide escalated support for both custom and purchased tools; provide training on custom and commercial systems to team members
- Bachelor degree in any field required; bachelor degree in Computer Science, Information Security, or related field is strongly preferred
- Minimum 8 years experience with cyber security required;
- Ability to work with a proven expertise in 24x7 technical environments
- Strong knowledge of common security monitoring, analysis, vulnerability management, case management, and related operational processes and metrics
- Experience successfully managing cyber security investigations and cross-functional and multi-location response (Global DFIR)
- Secure software development experience, i.e. integrating security into CI/CD/QA
- Process development, implementation, and improvement
- Expert at server, workstation, network, mobile, cloud and application security
- Understand how to achieve technical security requirements for multiple security frameworks
- Strong understanding of foundational XaaS protocols and troubleshooting
- Experience with virtualization and Linux / Windows operating systems including strong command line and scripting skills
- Periodic travel required
Preferred Skills & Experience:
- One or more SANS GIAC certifications. Examples include GCIA, GCIH GMON, GNFA, GCFA, GREM, GPEN, GWAPT, GCED, GCWN, GCWN, GCUX, GWEB, GCTI, GPYC, GMOB, and GSE.
- Experience with Cisco UCS, Dell, Vmware Esxi 5/6, Netapp/EMC storage, AWS and GPC
- Experience with Puppet, Foreman, Docker, Hadoop, Elastic search
- Experience with common security tools, automation and infrastructure including: Vulnerability management tools, IDS/IPS, SIEM, WAF, network infrastructure components (routers, firewalls, J-Flow), Syslog, packet captures, Windows Event Log tools, patch orchestration and big data applied to security objectives
- Experience with security laws and frameworks such as SOC2, ISO 27001, HIPAA, HITRUST, FedRAMP, PCI-DSS, and others
- Privacy Engineering experience and experience with global privacy laws and frameworks
- Knowledge of current hacking techniques, malicious code trends, botnet behavior, exploits, malware, DDoS and data breach events
- Experience with operations and service quality management processes such as ITIL
- Experience with scripting, programming an APIs – i.e. able to build and put effective solutions together using optimal combinations of existing tools and custom integrations
- Experience working with industry groups such as FIRST, Cloud Security alliance, CFCA, NSIE, DSIE, and DNS-OARC
RingCentral is headquartered in Belmont, California, and has offices around the world.
RingCentral is an EEOC employer.