Principal Security Engineer
Information Security | US - Austin Office
About the company:
ForgeRock® rocks when others are rolling. We aren’t your typical high-tech company and aren’t looking for typical people. We look for real people. Whoever you are. Whatever you are. While you play well with others you aren’t afraid to be you and let others be themselves. Someone has called you wicked smart before, but you would never refer to yourself that way.
ForgeRock pioneered open source identity and access management, went on to invent identity relationship management for customer identities, and is now busy playing with the identity of things. Yes, we’re growing fast, but we remain true to our start up culture. We’re decidedly creative, we’re always learning, no one hesitates to ask questions, and we’re on a never-ending search for new ideas.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it’s likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.
ForgeRock is on an ambitious path to release a SaaS version of our identity platform, and to ensure this platform has all the right security features built-in from the very beginning. You will join a small team of highly talented security engineers who are working alongside their engineering colleagues to deliver a world-class identity service. In this role, you will write security related code for the new ForgeRock Identity Cloud that automatically implements the desired security controls in areas such as data isolation, secrets management, and boundary protection.
- Solving Security Engineering Puzzles: As a senior technical leader in the organization, perform as an integrated member of the engineering teams to lead the incorporation of highly effective, cost-efficient security measures into greenfield engineering designs for new identity service offerings. Leveraging your well-rounded background in host, network, application, and container security you will engineer and write the code to implement security capabilities in the new service offerings and across the company. You’ll help the technology and business teams identify, prioritize, and implement a comprehensive, resilient architecture that will ensure security is built-in to the service offerings from the very start.
- Defend ForgeRock from Cyber Attack: Lead the creation or selection, implementation, integration, and use of security capabilities such as attack detection and vulnerability management systems across all parts of the business, with a focus on automation and API-based integration. Stay current on modern threats and attack patterns/methods and provide recommendations on the best ways for ForgeRock to mitigate the threats/attacks.
- Automate and Measure Everything that Matters: Using your strong expertise in automation and integration with a modern programming or scripting language, you will create automation patterns to be used by engineering teams across the company. You will be a champion driving the organization to automate and integrate the core security solutions into a highly effective cyber defense system. Being data driven you will measure the success of the security solutions with metrics and dashboards, continually improving the effectiveness of the overall security capabilities.
Required Skills & Qualifications:
- Strong background in automation through coding, scripting and integration in a security context
- Demonstrated experience implementing security controls in an “infrastructure as code” environment on a public IaaS platform (AWS, GCP. etc.).
- Bachelor's degree in Information Security, Computer Science, Information Systems, Engineering or related major or equivalent years of experience and
- A minimum 7 years’ experience in the information security field
- Minimum of 3 years’ experience in either Linux or Windows operating systems (prefer both)
- Experience developing security controls in a Docker/Kubernetes environment
- Experience developing security controls on Google Cloud Platform
- Strong, well-rounded background in host, network and application security.
- Has created automated solutions for auditing compliance with security standards
- Solid understanding of core networking concepts to include routing and switching
- Senior level knowledge of industry standard security tools and encryption/cryptography protocols and best practices, authentication, authorization and directory services.
- Experience developing automated information security controls against common compliance frameworks such as SOC, FedRAMP, PCI-DSS, or Cloud Security Alliance
- Sense of urgency
- Passionate about delighting customers and learning new skills
- Data-driven decision making
- Strong communication skills
- Creative thinker and problem solver
- Ability to self-motivate, self-manage and handle conflict
- Team player
- CISSP, CISM, CISA, CEH, CEPT, GIAC or similar relevant information security certifications
Life at ForgeRock:
We believe in and facilitate a flexible, collaborative work environment. We’ve grown enormously, but remain true to the innovative, can-do startup values that got us here. Most important of all, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day. Below are just a few of the great things we have to offer at ForgeRock:
- A great team of smart, fun and genuinely nice individuals.
- Awesome company culture focused around providing a flexible and collaborative work environment
- Regular office bonding events, from lunches and happy hours to group offsites and hack-days
- Well-stocked fridges, whether you’re hungry or thirsty
- Competitive benefits and perks
- We’re Mac-friendly!
- Generous employee referral bonus program
- Amazing offices across the globe – San Francisco HQ; Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore, Australia & counting!
ForgeRock is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.