Cyber security engineerPosted: June 3, 2022, 3:34 p.m. - Full Time - India
Our job is to be bold at work.
It starts with an insatiable curiosity about clients, colleagues, and the future. At Forrester, we believe curiosity powers progress. Forresterites bring a diversity of opinions and the courage of their convictions to collaborate on the ideas and initiatives that change the course of business. As a trusted advisor to the most influential companies in the world, we live at the nexus of what’s next.
About This Role:
The Cybersecurity Engineer (CE) will perform ongoing security operations tasks and help engineer and maintain security solutions across the enterprise. The CE will sit through security audits, review and answer security questionnaires. Conduct third-party risk assessments and maintain the full lifecycle of information security at Forrester. Coordinate with Legal and Procurement teams to ensure proper security and privacy clauses are included in third-party contracts.
Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes. Provide consultancy/SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that Forrester suppliers have adequate security controls. Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party risks. The CE will investigate and respond to incidents, escalating as necessary. The CE must stay current with emerging cyberthreats through security bulletins, external peer groups, and information security circles. The Cybersecurity Engineer’s gained knowledge will contribute to the improvement of security controls to address events ranging from intrusions, malware, and DDoS to unauthorized access, insider attacks, and loss of proprietary information.
This position demands an organized, detail-oriented team player with the ability to prioritize tasks and support multiple initiatives simultaneously; strong technical ability and excellent communication skills are required.
Conduct security audits and assessment on Forrester’s suppliers and partners Articulating identified risks to the business for remediation, mitigation and sign off. Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register which includes identifying threats and risks to the organization Contribute to designing, implementing, and managing security incident and vulnerability management and reporting. Contribute to writing and improving security policies, standards, and guidelines Monitor and analyze systems for security incidents, investigating, resolving, reporting, and escalating them as needed. Develop technical solutions to help mitigate security vulnerabilities and automate tasks to increase operational efficiency. Design and establish continuous monitoring programs using cybersecurity monitoring, vulnerability scanning, and intrusion detection and management tools. Identify opportunities to improve the quality and resiliency of the company’s systems and applications. Research and recommend solutions to improve the company’s security posture on-premises and in the cloud. Partner with operations and infrastructure engineering teams to implement and tune security monitoring, tooling, and reporting. Actively participate in DR/BC planning and implementation.
Three to five years of professional information and IT security experience with a passion for cybersecurity. Third-party auditing skills and cloud risk assessment methodologies. In-depth understanding of ISO27001, SOC2, NIST, FedRAMP, GDPR, CCPA standards and frameworks. A proven track record of reviewing security architectures, designing, engineering, and delivering enterprise-level security solutions. Strong curiosity and ability to continuously question every process and technology to identify security risk and provide mitigations. Excellent vulnerability, intrusion, and incident assessment, remediation, and management skills. Detailed working knowledge of security technologies (e.g., AV, IDS/IPS, NGFW, SIEM, WAF, DLP, encryption certification management and malware analysis and protection), with a commitment to keep current with the latest developments in this field. Experience in identity management/authorization and authentication (e.g., SSL, IPSEC, PKI, SAML, Kerberos, LDAP). Strong familiarity with Windows or Linux OS (preferably both). A thorough understanding of computer networking, IP, routing protocols, OSI models, etc. Strong analytical and troubleshooting skills driven by a logical, methodical approach. Excellent interpersonal, communication, and leadership skills. A self-starter who is resourceful and intellectually curious. Someone who is transparent and open to feedback. A sense of urgency without sacrificing quality. A collaborative team player with high standards and ethics. Able to work from 3:00PM to 12:00AM IST (5:30AM to 2:30PM EST)
Explore #ForresterLife on:
Forrester Research is an equal opportunity employer and is committed to providing a work environment that is free from all forms of discrimination, including sexual harassment.
The information provided by you in this application will be used for the purposes of recruitment and, for successful applicants only, for personnel administration and management purposes and to comply with the employer’s obligations regarding the retention of employee records. If your application is unsuccessful, Forrester Research, Inc., its subsidiaries, affiliates, and/or service providers (collectively “Forrester”) will retain your personal information on secure file solely to consider you for future recruitment opportunities.
By submitting your resume/CV, you consent to Forrester’s retention of the information provided on a secure file for personnel administration and management purposes and/or in order to consider you for future employment opportunities and to the transfer of the information provided to:
Forrester’s offices in the US and other countries outside the European Economic Area; and Service providers engaged by Forrester for the purposes of processing applications for employment who may be located outside the European Economic Area.