Security Operations Center Analyst/SOC Analyst

Join RingCentral, a market-leading Unified Communications-as-a-Service company, as a Security Operations Center Analyst (SOC Analyst). This full-time, remote role involves a unique 2-days-on, 2-days-off work schedule. You will play a critical role in implementing a comprehensive security monitoring, incident response, and threat intelligence program for RingCentral's global cloud service, corporate, and development environments. This is an exceptional opportunity to contribute to a rapidly expanding industry leader providing Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions.

About this role:

As a SOC Analyst at RingCentral, your primary responsibilities include:

• Collaboratively providing feedback to improve security operations processes.
• Generating actionable analysis and threat intelligence from various tools, logs, and data sources.
• Ensuring strong documentation to support ongoing SOC activities.
• Reporting observations to Security, Operations, and IT personnel.
• Monitoring security events, analyzing and investigating alarms, and maintaining day-to-day operational activities of a secure cloud environment.
• Engaging cross-functional teams within and outside RingCentral to mitigate and resolve security cases.
• Maintaining relevant documentation and audit artifacts.
• Identifying and tracking suspicious system activity.
• Identifying trends and patterns, and presenting them to Security Engineers to enhance processes and systems.
• Participating in on-call rotations.

Successful Candidates will possess:

• Proven skills in application security, security monitoring, incident response, and intrusion analysis.
• Strong knowledge of diverse attack methods and technologies targeting web/mobile/desktop applications, SaaS infrastructure, and data.
• Critical thinking, ability to work under pressure, and strong analytical, written, verbal, and interpersonal skills.
• Demonstrated track record of quality processes in past work history.
• Strong self-motivation with an aptitude for both individual and team-oriented work.
• Experience following and refining standard operating procedures and playbooks.

Qualifications/Requirements:

• 4+ years in a security engineering, SRE, or SOC role within a cloud services environment.
• Experience with SIEM platforms.
• Experience investigating security incidents.
• Basic knowledge of AWS or GCP.
• Experience with IDS, case management, and related tools and practices.
• Experience with Linux, RedHat preferred.
• Basic knowledge of broad security topics including encryption, application security, malware, and ransomware.
• Knowledge of network, VoIP, and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP).

Preferred Skills/Experience:

• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, GCFE, GASF, GICA, GCTI, GPEN, GWAPT, GPYC, OSCP.
• Experience with tools like Crowdstrike, Cloudflare, FirePower, Splunk, ELK, Imperva, Syslog, packet capture, and Windows Event Log.
• Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events.
• Strong knowledge of Microsoft Windows.
• Experience automating security tasks via scripting, programming, and/or SecDevOps.
• Experience working with global teams.