Lead Engineer, Cybersecurity

Forbes, Incorporated
Jersey City, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 175K

Job location

Remote
Jersey City, United States of America

Tech stack

Artificial Intelligence
Cloud Computing
Cloud Computing Security
CompTIA Security+
Computer Security
Information Systems
Continuous Integration
Identity and Access Management
Intrusion Detection and Prevention
Key Management
Network Security
Network Architecture
Phishing
Software Engineering
Software Vulnerability Management
Web Platforms
Cloud-native Network Functions (CNF)
Data Processing
Cloud Platform System
Firewalls (Computer Science)
Information Technology
Vulnerability Analysis

Job description

Forbes is seeking a Lead Cybersecurity Engineer responsible for protecting Forbes' corporate technology environment and consumer-facing digital platforms through the design, implementation, and continuous improvement of cybersecurity controls, processes, and governance. This is a hands-on technical leadership role reporting to the Vice President, Corporate Technology, with formal people-management responsibility for a small distributed team of onshore employees and offshore contractors.

This individual will own cybersecurity across two complementary domains: corporate technology security, spanning identity and access management, endpoint protection, network and cloud security, email and phishing defense, and compliance; and web platform security, spanning cloud infrastructure, source code and pipeline security, vulnerability management, and client-side protection for Forbes' digital properties. The role also serves as the governance lead for all cybersecurity matters across the organization, partnering closely with Infrastructure, Engineering, QA, Product, Legal, and Corporate Technology teams. The ideal candidate is both a technical security expert and a business-minded collaborator, capable of balancing security requirements with operational efficiency and business objectives.

This is a hybrid position based at Forbes' Jersey City headquarters, with an expectation of working in the office 2-3 days per week. Candidates should reside in New Jersey, New York, or the greater New York City metropolitan area.

Responsibilities:

Leadership and Governance

  • Lead, mentor, and manage a distributed team of onshore employees and offshore contractors supporting corporate technology and web platform security.
  • Manage direct reports, goal setting, performance reviews, professional development, and day-to-day prioritization of work.
  • Oversee offshore contractor engagements, including deliverables, work quality, and coordination with vendor and resource management.
  • Serve as the governance lead for all cybersecurity matters across the organization, setting direction, standards, and priorities.
  • Develop and maintain company-wide cybersecurity policies, standards, procedures, and technical documentation.
  • Partner with Legal on vendor security preparation and review, including NDAs, data processing agreements (DPAs), and vendor risk assessments.
  • Manage cybersecurity projects, operational requests, and remediation initiatives, ensuring timely execution and resolution.
  • Support PCI and other compliance initiatives, audits, and security assessments, including evidence collection and questionnaire responses.
  • Maintain security metrics, reporting, and operational dashboards to provide visibility into organizational risk.
  • Monitor emerging cybersecurity threats and vulnerabilities, recommending improvements to strengthen Forbes' security posture.

Corporate Technology Security

  • Administer and secure the enterprise identity and access management (SSO/MFA) platform, including authentication policies, identity lifecycle automation, and privileged access controls.
  • Manage endpoint detection and response (EDR) and endpoint protection across the enterprise device fleet.
  • Manage enterprise network security, including next-generation firewalls, switching infrastructure, and cloud network environments.
  • Secure the enterprise cloud identity and directory environment, including conditional access, session controls, and account hygiene.
  • Manage email security and phishing defense, including phishing investigation and triage, security awareness training, and phishing simulation programs.
  • Lead security incident investigations and response efforts, coordinating remediation and root-cause analysis activities.

Web and Digital Platform Security

  • Manage cloud network architecture and security controls for Forbes' consumer-facing digital platforms.
  • Oversee source code and development platform security, including repository access controls, secrets management, and CI/CD pipeline security.
  • Own the vulnerability scanning and vulnerability management program across web properties and infrastructure, driving remediation with Engineering.
  • Lead client-side security for web properties, including governance of third-party scripts and tags and browser-side protections.
  • Partner with Engineering, QA, and Product teams to embed security requirements and best practices throughout the software development lifecycle.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical field.
  • CISSP, CCSP, CISM, Security+ and/or GIAC certifications preferred.
  • 7+ years of cybersecurity experience, including cloud security, infrastructure security, network security, or security engineering.
  • Experience leading and developing security engineers, including distributed and offshore team members or contractors.
  • Experience managing enterprise productivity suites, identity and access management platforms, public cloud platforms, and endpoint protection and threat detection solutions.
  • Hands-on experience with enterprise firewalls, network infrastructure, and cloud networking across multiple cloud providers.
  • Practical experience applying AI tools to security and engineering workflows, such as automation, detection, triage, and reporting, and familiarity with governing safe AI adoption across an enterprise.
  • Strong scripting and automation skills for security workflow and identity lifecycle automation.
  • Experience supporting PCI audits, compliance assessments, and security reviews.
  • Deep understanding of identity management, privileged access controls, authentication, and authorization principles.
  • Skilled in leading investigations, incident response, vulnerability management, and threat analysis.
  • Experience developing and maintaining security policies, standards, and governance processes.
  • Experience partnering with legal and procurement teams on vendor security reviews and contract preparation.
  • Proven ability to balance strategic security initiatives with hands-on technical execution.
  • Exceptional communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.

Benefits & conditions

3.83.8 out of 5 stars Jersey City, NJ Hybrid work $165,000 - $175,000 a year

About the company

Forbes is an iconic global media brand that has symbolized success for over a century. Fueled by journalism that informs and inspires, Forbes spotlights the doers and doings shaping industries, achieving success and making an impact on the world. Forbes connects and convenes the most influential communities ranging from billionaires, business leaders and rising entrepreneurs to creators and innovators. The Forbes brand reaches more than 140 million people monthly worldwide through its trusted journalism, signature ForbesLive events and 49 licensed local editions in 81 countries.

Apply for this position