In today’s highly connected digital world, understanding, managing and securing the identity of individuals and things is essential to safety and success of both businesses and their customers. Billions of people connect from anywhere, use a wide variety of devices and expect a seamless yet secure experience.
The ForgeRock mission is to provide the most simple and comprehensive Identity and Access Management Platform to help our customers deepen their relationships with their consumers and improve the productivity and connectivity of their employees and partners. Our identity solution enables great digital experiences and is embedded with a rich set of security, privacy and consent features. We deliver our platform through both cloud services and on-premises software.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it’s likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using.
ForgeRock is headquartered in San Francisco, but we are a global company with offices in the following cities: Vancouver, WA; Austin, TX; Bristol, UK; Grenoble FR; Oslo NO; and Singapore. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.
ForgeRock is looking for a Security Engineer to join our Backstage team – ForgeRock’s technical portal for community and customers.
You will play a key role in designing and maintaining the security of our web application infrastructure, and ensuring alignment to security governance frameworks, standards and enterprise security best practice.
You will be the team’s security champion, analysing our development and deployment processes, and coming up with new and exciting ways to make them more secure. You will also work with our Enterprise Security team on the audits for Backstage by submitting evidence, as well as understanding and communicating the requirements specific to us.
You will support both cybersecurity and information security needs, as well as have the opportunity to identify and work on further improvements as you find them.
We hope that you are curious, perhaps even passionate about security, like to get your hands dirty by building and testing new tools and programs, manage your time and priorities well, don’t need to be micromanaged and aren’t afraid to ask questions or get help when you need it.
- Designing, implementing and maintaining security solutions for the Backstage applications and deployment infrastructure
- Hardening existing systems as per industry best practices
- Contributing to and managing the Backstage security roadmap
- Evaluating new security technologies and products, and performing analysis to determine if solutions should be pursued and implemented as required
- Supporting the delivery of development projects, and ensuring that new projects are risk assessed, security controls are identified successfully before going live, and that solutions meet relevant information security principles and the relevant technical or compliance standards
- Co-ordinating all security matters with respect to Backstage requirements and operating as the single contact for security compliance for Backstage
- Assisting in the development and maintenance of security policies, standards and procedures to support ForgeRock’s risk management framework and business strategy
- Acting as an internal champion for security and informing the team of security requirements, standards and best practices
- Supporting internal compliance audits and working with the ForgeRock Enterprise Security team to identify and remediate any gaps
Required Skills & Qualifications:
- Experience of infrastructure and software development security design
- Ability to demonstrate an outstanding analytical skill set and knowledge of current and evolving cyber threats.
- Experience of working with security controls in cloud services e.g. AWS, GCP, etc.
- Knowledge of security products (e.g. access audit tools, firewalls, encryption, DDoS protection, etc.)
- Experience with security testing tools, development of threat assessments and security testing methodologies
Nice to Have:
- An understanding of ISO-27001 and Cyber Security Essentials Plus
- Hands-on security engineering and hardening experience (e.g. Docker, Java, Linux, Google Cloud Platform, Kubernetes, network protocols, PKI, proxies, LDAP, access management, etc.)
- Experience of working with incident response teams and processes.
Life at ForgeRock:
We believe in and facilitate a flexible, collaborative work environment. We’re growing quickly, but remain true to the innovative, can-do startup values that got us here. Most importantly, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day.
Here are just a few of the things that make ForgeRock special:
- A company culture that empowers you to do your best work.
- Employee Resource Groups that create a sense of belonging for everyone.
- Regular company and team bonding events.
- Competitive benefits and perks.
- Recognition programs that reward employees with meaningful experiences.
- Global volunteering and community initiatives
ForgeRock is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone’s individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.
We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.