Forgerock Security Engineer Work Location: Remote Description
Accountable for activities that ensure all users in the organization have the appropriate levels of access to applications, systems, and data resources. Evaluates and maintains procedures to safeguard information systems assets from intentional or inadvertent access or destruction. Ensures compliance with Security regulations and laws. Recommends and implements changes to enhance security controls and prevent unauthorized access. Responsible for role-based implementation, role management, and access governance. Implements and manages the enterprise security support model for new applications. Monitors systems, networks, servers, and databases for potential system breaches. Responds to alerts from information security tools. Assigned to projects of medium size/scope. Provides consultative expertise on a wide variety of project and initiatives.
Essential functions:
• Responsible for supporting the ForgeRock Identity Platform including Identity Gateway
• Migrate Webservices/APIs to the ForgeRock Platform for secure authentication and assist in integration with API Gateway
• Migrate internal, and business partner users to ForgeRock
• Developing custom integration, workflows and rules between tools using Agile methodologies.
• Performs a lead role in promotion of security awareness programs, assessing gaps and implementing solutions.
• Responsible for the end-to-end completion of security requests.
• Provisions user security roles and manages security groups across systems, platforms, databases, applications, servers, directors, and folders.
• Analyzes existing role structures to improve and streamline structures, security administration and improve end-user experience.
• Responsible for highly sensitive security access for outsourced vendors and ensuring compliance with policy, regulations, and contractual requirements.
• Accountable for highly sensitive emergency processes.
• Creates or maintains application scripts and uses application specific tools to create or manage application security.
• Tracks and documents security issues and requests, actively monitors work queue.
• Plans, coordinates, communicates, tests, and implements audits ensuring that access entitlements are appropriate for job requirements.
• Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels.
• Interfaces with users to understand new capabilities, implement procedures, ensure security procedures have been communicated properly and are being adhered to.
• Provides input to drive process improvements.
• Works closely with business areas and IT partners on troubleshooting, pre-implementation activities and to assess application security.
• Maintains and creates operational procedures and maintains Security Knowledge Base.
• Performs system monitoring activities, identification and evaluation of security threats, breaches, and vulnerabilities.
• Responds to security alerts.
• Responsible for on-call release support.
• Acts as lead liaison for internal and external audit requests and activities. Leads remedial activities as the result of audit findings.
• Defines scope of operational initiatives and adjusts priorities to support workload.
• Provides subject matter expertise, leadership, and guidance to work teams and end users on security policies, standards and procedures and processes.
• Investigates business processes to understand and implement security requirements weighing business needs and security risks and resolving issues.
• Research solutions works with vendors to enhance Security Monitoring Program.
• Coordinates and documents exceptions to security policy as directed by the Exception Governance Team.
• Develops training content as needed.
Job Duties:
- In-depth knowledge of Information Technology field and computer systems
- Demonstrated organizational skills
- Demonstrated ability to adapt to change and collaborate as part of a team
- Ability to manage tasks independently without close supervision and take ownership of responsibilities
- Ability to learn from mistakes and apply constructive feedback to improve performance
- Must demonstrate initiative and effective independent decision-making skills
- Ability to communicate technical information clearly and articulately
- Must have an understanding of the systems development life cycle
- Advanced analytical thinking, problem solving, quantitative analysis ability.
- Must have an advanced understanding of Information Security concepts, protocols, industry best practices, and regulatory requirements.
- Proficiency with Windows skills are required, e.g., Windows Explorer, Word, Excel, PowerPoint, Outlook, etc.
- Must demonstrate expertise with security management tools
- Works without daily supervision to meet customer expectations
- High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy
Preferred Experience
- Experience with ForgeRock Access Management
- Experience with ForgeRock Identity Management
- Experience with Microsoft Active Directory and LDAP
- Proficiency with Active Directory groups and user accounts, Windows folder structures and folder security
- Development experience in any technologies, Java, PowerShell, etc.
- Proficiency with database security and tools used to administer security within the various databases, e.g., UDB, DB2, SQL and Oracle
- Proficiency of UNIX/Linux security and tools used to administer security in these environment
Required Experience:
5-8 year of related work experience or equivalent combination of transferable experience within IT Security
Required Education:
Related Bachelor's degree in an IT related field or relevant work experience
Required Certification:
COMPTIA Security+ or equivalent