Information Security Engineer
Information Security | Bristol, UK Office or Remote
About the company:
In today’s highly connected digital world, understanding, managing and securing the identity of individuals and things is essential to safety and success of both businesses and their customers. Billions of people connect from anywhere, use a wide variety of devices and expect a seamless yet secure experience.
The ForgeRock mission is to provide the most simple and comprehensive Identity and Access Management Platform to help our customers deepen their relationships with their consumers and improve the productivity and connectivity of their employees and partners. Our identity solution enables great digital experiences and is embedded with a rich set of security, privacy and consent features. We deliver our platform through both cloud services and on-premises software.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it’s likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using.
ForgeRock is headquartered in San Francisco, but we are a global company with offices in the following cities: Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore and Sydney, Australia. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.
The primary purpose of the role of Security Engineer is to ensure that ForgeRock’s EU / UK / US information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction, through the implementation of properly managed security solutions, and the continued application of effective security controls. The Security Engineer will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end to end information security solutions, and will ensure alignment to the Information Security reference and governance frameworks, enterprise security architecture, relevant EU regulatory requirements such as GDPR and Cyber Security Essentials plus as well as international standards such as IS27001 and best practice. Working knowledge of EU and UK banking information
security requirements as also needed.
- Being the product owner for security solutions, ensuring they are implemented effectively in conjunction with the Infrastructure Engineering, Operations teams and 3rd parties.
- Ownership of the Security Infrastructure with hands-on technical design, implementation and management of core security platforms, taking the lead on all information security related projects.
- Evaluating new security technologies and products and performs engineering work and analysis to determine if solutions should be pursued and implemented as required.
- Contributing to and managing the EU / UK Security Technology roadmaps.
- Supporting the delivery of new projects, ensure that new projects are risk assessed, security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles and any relevant technical or compliance standard.
- Co-ordinating all security matters with respect to IT requirements and be the single contact for security compliance for IT.
- Assisting in the development and maintenance of security policies, standards and procedures to support ForgeRock’s risk management framework and business strategy.
- Be an internal champion for security and assist in training and informing ForgeRock team members of security requirements, standards and best practice.
- Liaison with the ForgeRock US team around EU / UK security and compliance standards to bring global compliance to EU standards for areas such as the GDPR.
- Be based in Bristol to support the International Financial Service Support Centre where a number of key compliance and security obligations must be met.
- Support internal compliance audits as and when necessary and work with the ForgeRock Privacy and Compliance Team to identify any gaps and to close them where necessary.
Required Skills & Qualifications:
- Proven track record of information technical security experience and to be seen as a subject matter expert.
- Hands-on security engineering experience of Operating Systems, Cloud, Group Policy, Network Protocols, PKI, proxies, access management, etc.
- Extensive implementation experience of a wide range of security products such as access audit tools, IDS, IPS, DLP, Firewalls, End Point security, encryption, DDOS protection, etc.
- Experience of SIEM systems and managing associated incident response processes.
- Working knowledge of host hardening techniques including Windows/macOS/Linux.
- Detailed understanding of tools and techniques used by ethical hackers including vulnerability testing tools and methodologies.
- Ability to demonstrate an exceptional analytical skill set and knowledge of current and evolving Cyber threats.
- Experience working with or in a Computer Security Incident Response Team (CSIRT).
- Experience with security testing tools, development of threat assessments and security testing methodologies is desirable.
- Experience working with security controls in cloud services e.g. AWS, Office 365, Gmail, etc.
Life at ForgeRock:
We believe in and facilitate a flexible, collaborative work environment. We’ve grown enormously, but remain true to the innovative, can-do startup values that got us here. Most important of all, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day. Below are just a few of the great things we have to offer at ForgeRock:
- A great team of smart, fun and genuinely nice individuals.
- Awesome company culture focused around providing a flexible and collaborative work environment
- Regular office bonding events, from lunches and happy hours to group offsites and hack-days
- Well-stocked fridges, whether you’re hungry or thirsty
- Competitive benefits and perks
- We’re Mac-friendly!
- Generous employee referral bonus program
- Amazing offices across the globe – San Francisco HQ; Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore, Australia & counting!