Senior Security Engineer
IT | UK – Bristol Office
About the company:
ForgeRock® rocks when others are rolling. We aren’t your typical high-tech company and aren’t looking for typical people. We look for real people. Whoever you are. Whatever you are. While you play well with others you aren’t afraid to be you and let others be themselves. Someone has called you wicked smart before, but you would never refer to yourself that way.
ForgeRock pioneered open source identity and access management, went on to invent identity relationship management for customer identities, and is now busy playing with the identity of things. Yes, we’re growing fast, but we remain true to our start up culture. We’re decidedly creative, we’re always learning, no one hesitates to ask questions, and we’re on a never-ending search for new ideas.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it’s likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.
The primary purpose of the role of Senior Security Engineer is to ensure that ForgeRock’s EU / UK / US information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction, through the implementation of properly managed security solutions, and the continued application of effective security controls.
The Senior Security Engineer will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end to end information security solutions, and will ensure alignment to the Information Security reference and governance frameworks, enterprise security architecture, relevant EU regulatory requirements such as GDPR and Cyber Security Essentials plus as well as international standards such as IS27001 and best practice. Working knowledge of EU and UK banking information security requirements as also needed.
- Being the product owner for security solutions, ensuring they are implemented effectively in conjunction with the Infrastructure Engineering, Operations teams and 3rd parties.
- Ownership of the Security Infrastructure with hands-on technical design, implementation and management of core security platforms, taking the lead on all information security related projects.
- Evaluating new security technologies and products and performs engineering work and analysis to determine if solutions should be pursued and implemented as required.
- Contributing to and managing the EU / UK Security Technology roadmaps.
- Supporting the delivery of new projects, ensure that new projects are risk assessed, security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles and any relevant technical or compliance standard.
- Co-ordinating all security matters with respect to IT requirements and be the single contact for security compliance for IT.
- Assisting in the development and maintenance of security policies, standards and procedures to support ForgeRock’s risk management framework and business strategy.
- Be an internal champion for security and assist in training and informing ForgeRock team members of security requirements, standards and best practice.
- Liaison with the ForgeRock US team around EU / UK security and compliance standards to bring global compliance to EU standards for areas such as the GDPR.
- Be based in Bristol to support the International Financial Service Support Centre where a number of key compliance and security obligations must be met.
- Support internal compliance audits as and when necessary and work with the ForgeRock Privacy and Compliance Team to identify any gaps and to close them where necessary.
Required Skills & Qualifications:
- Proven track record of information technical security experience and to be seen as a subject matter expert.
- A good understanding of ISO27001, Cyber Security Essentials Plus, EU and UK Data Protection requirements for banks and the GDPR.
- Hands-on security engineering experience of Operating Systems, Active Directory, Group Policy, Network Protocols, PKI, proxies, access management, etc.
- Extensive implementation experience of a wide range of security products such as access audit tools, IDS, IPS, DLP, Firewalls, End Point security, encryption, DDOS protection, etc.
- Experience of SIEM systems and managing associated incident response processes.
- Working knowledge of host hardening techniques including Windows/macOS/
- Detailed understanding of tools and techniques used by ethical hackers including vulnerability testing tools and methodologies.
- Ability to demonstrate an exceptional analytical skill set and knowledge of current and evolving Cyber threats.
- Experience working with or in a Computer Security Incident Response Team (CSIRT).
- Experience with security testing tools, development of threat assessments and security testing methodologies is desirable.
- Experience working with security controls in cloud services e.g. AWS, Office 365, Gmail, etc.
Life at ForgeRock:
We believe in and facilitate a flexible, collaborative work environment. We’ve grown enormously, but remain true to the innovative, can-do startup values that got us here. Most important of all, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day. Below are just a few of the great things we have to offer at ForgeRock:
- A great team of smart, fun and genuinely nice individuals.
- Awesome company culture focused around providing a flexible and collaborative work environment
- Regular office bonding events, from lunches and happy hours to group offsites and hack-days
- Well-stocked fridges, whether you’re hungry or thirsty
- Competitive benefits and perks
- We’re Mac-friendly!
- Generous employee referral bonus program
- Amazing offices across the globe – San Francisco HQ; Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore, Australia & counting!