Security Operations Lead
Industry: Computer Software
Posted: 2015-12-09 Location: Xiamen Openings: 1
Education: Language: English
Work experience: 5+ years Salary range:
Job description:

Responsibilities:
• Lead & train the SOC team
• Design and implement security monitoring and security operations program for a global cloud services environment.
• Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment.
• Review events, alarms, logs, and interpret data.
• Conduct investigations of alarms and incidents.
• Engage teams within and outside of RingCentral to mitigate and resolve cases
• Process development, implementation, and improvement
• Generate threat intelligence and conduct proactive threat research
• Lead incident response activities and security investigations, triage and prioritize investigation activities, and introduce incident management best practices.
• Ensure RingCentral is in compliance with all applicable Federal and global laws and regulations regarding the monitoring of information
• Provide detailed documentation in support of RingCentral’s ongoing security operations programs.
• Manage various monitoring and scanning tools. Identify and track suspicious activity by reviewing data from these tools, and analyzing system events.
• Select and report on security operations metrics.
• Work with ISPs, carriers and partners to respond to events, conduct investigations, and minimize incidents.
• Provide post mortem reporting for security incidents and recommendations to prevent recurrence.
• Identify trends and patterns, summarize key findings, and recommend process and system enhancements.
• Collaborate with cross-functional groups such as Engineering, Operations, Support and Product Management to enhance tools, processes, and detection methods
• Review issues escalated by other Security Operations team members and provide guidance on resolution.
• Manage and respond to escalations from internal and external parties within designated service levels.
• Educate internal team members and external parties on processes and procedures.

Position Requirements
• 4 years in a security operations role in a cloud services environment.
• BA/BS degree or 4 years equivalent experience in diverse technical and operations roles.
• Expert knowledge of protocols and troubleshooting
• Strong knowledge of IDS, SIEM, vulnerability management, anti-malware protection, case management, and related operational processes and metrics.
• Strong knowledge of virtualization and expert knowledge of Linux / Windows operating systems including strong command line skills
• Experience investigating data breach response events and successfully leading incident response activities across cross functional teams and geographies.
• Expert knowledge of common security monitoring, analysis, and response techniques, including collection of indicators of compromise
• Solid knowledge of various compliance and regulations for the protection of customer personal information and credit card information. (Examples include but are not limited to PII, PCI, and CPNI)
• Periodic travel required
• This role participates in on-call rotations
Strongly Preferred
• SANS GIAC GCIA (GIAC Certified Intrusion Analyst) and/or SANS GIAC GCIH (GIAC Certified Incident Handler) certifications
• Experience using Qualys, Tripwire, Sourcefire, AlienVault, SumoLogic, Imperva, Juniper (routers, firewalls, J-Flow), Syslog, packet capture, and Windows Event Log tools and infrastructure.
• Experience with security laws and frameworks such as HIPAA, PCI-DSS, and others
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
• Experience with operations and service quality management processes such as ITIL
• Experience with scripting or programming, and SecDevOps – i.e., able to build and put effective solutions together using optimal combinations of existing tools and custom code/scripts
• Experience working with global teams
• Experience working with industry groups such as FIRST, NSIE, DSIE, and DNS-OARC
• Experience with supervisory responsibilities


 

Company profile:
Contact:
Email: hr@100cheer.cn