Lead Engineer, Cybersecurity
Forbes · Jersey City, New Jersey, United States · $165K–$175K/yr
Book and Periodical Publishing · 201-500 employees
About the role
Lead and manage a distributed team to protect corporate technology environments and consumer-facing digital platforms. Serve as the primary governance lead for cybersecurity, developing policies and partnering with cross-functional teams to manage risk.
What they look for
Requirements
Requires a Bachelor's degree in a technical field and 7+ years of cybersecurity experience, including leadership of distributed teams. Proficiency in cloud security, IAM, and network infrastructure is essential, with preferred certifications like CISSP or CISM.
Full description
Forbes is an iconic global media brand that has symbolized success for over a century. Fueled by journalism that informs and inspires, Forbes spotlights the doers and doings shaping industries, achieving success and making an impact on the world. Forbes connects and convenes the most influential communities ranging from billionaires, business leaders and rising entrepreneurs to creators and innovators. The Forbes brand reaches more than 140 million people monthly worldwide through its trusted journalism, signature ForbesLive events and 49 licensed local editions in 81 countries.
Forbes is seeking a Lead Cybersecurity Engineer responsible for protecting Forbes' corporate technology environment and consumer-facing digital platforms through the design, implementation, and continuous improvement of cybersecurity controls, processes, and governance. This is a hands-on technical leadership role reporting to the Vice President, Corporate Technology, with formal people-management responsibility for a small distributed team of onshore employees and offshore contractors.
This individual will own cybersecurity across two complementary domains: corporate technology security, spanning identity and access management, endpoint protection, network and cloud security, email and phishing defense, and compliance; and web platform security, spanning cloud infrastructure, source code and pipeline security, vulnerability management, and client-side protection for Forbes' digital properties. The role also serves as the governance lead for all cybersecurity matters across the organization, partnering closely with Infrastructure, Engineering, QA, Product, Legal, and Corporate Technology teams. The ideal candidate is both a technical security expert and a business-minded collaborator, capable of balancing security requirements with operational efficiency and business objectives.
This is a hybrid position based at Forbes' Jersey City headquarters, with an expectation of working in the office 2-3 days per week. Candidates should reside in New Jersey, New York, or the greater New York City metropolitan area.
Responsibilities:
Leadership and Governance
- Lead, mentor, and manage a distributed team of onshore employees and offshore contractors supporting corporate technology and web platform security.
- Manage direct reports, goal setting, performance reviews, professional development, and day-to-day prioritization of work.
- Oversee offshore contractor engagements, including deliverables, work quality, and coordination with vendor and resource management.
- Serve as the governance lead for all cybersecurity matters across the organization, setting direction, standards, and priorities.
- Develop and maintain company-wide cybersecurity policies, standards, procedures, and technical documentation.
- Partner with Legal on vendor security preparation and review, including NDAs, data processing agreements (DPAs), and vendor risk assessments.
- Manage cybersecurity projects, operational requests, and remediation initiatives, ensuring timely execution and resolution.
- Support PCI and other compliance initiatives, audits, and security assessments, including evidence collection and questionnaire responses.
- Maintain security metrics, reporting, and operational dashboards to provide visibility into organizational risk.
- Monitor emerging cybersecurity threats and vulnerabilities, recommending improvements to strengthen Forbes' security posture.
Corporate Technology Security
- Administer and secure the enterprise identity and access management (SSO/MFA) platform, including authentication policies, identity lifecycle automation, and privileged access controls.
- Manage endpoint detection and response (EDR) and endpoint protection across the enterprise device fleet.
- Manage enterprise network security, including next-generation firewalls, switching infrastructure, and cloud network environments.
- Secure the enterprise cloud identity and directory environment, including conditional access, session controls, and account hygiene.
- Manage email security and phishing defense, including phishing investigation and triage, security awareness training, and phishing simulation programs.
- Lead security incident investigations and response efforts, coordinating remediation and root-cause analysis activities.
Web and Digital Platform Security
- Manage cloud network architecture and security controls for Forbes' consumer-facing digital platforms.
- Oversee source code and development platform security, including repository access controls, secrets management, and CI/CD pipeline security.
- Own the vulnerability scanning and vulnerability management program across web properties and infrastructure, driving remediation with Engineering.
- Lead client-side security for web properties, including governance of third-party scripts and tags and browser-side protections.
- Partner with Engineering, QA, and Product teams to embed security requirements and best practices throughout the software development lifecycle.
The ideal candidate:
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical field.
- CISSP, CCSP, CISM, Security+ and/or GIAC certifications preferred.
- 7+ years of cybersecurity experience, including cloud security, infrastructure security, network security, or security engineering.
- Experience leading and developing security engineers, including distributed and offshore team members or contractors.
- Experience managing enterprise productivity suites, identity and access management platforms, public cloud platforms, and endpoint protection and threat detection solutions.
- Hands-on experience with enterprise firewalls, network infrastructure, and cloud networking across multiple cloud providers.
- Practical experience applying AI tools to security and engineering workflows, such as automation, detection, triage, and reporting, and familiarity with governing safe AI adoption across an enterprise.
- Strong scripting and automation skills for security workflow and identity lifecycle automation.
- Experience supporting PCI audits, compliance assessments, and security reviews.
- Deep understanding of identity management, privileged access controls, authentication, and authorization principles.
- Skilled in leading investigations, incident response, vulnerability management, and threat analysis.
- Experience developing and maintaining security policies, standards, and governance processes.
- Experience partnering with legal and procurement teams on vendor security reviews and contract preparation.
- Proven ability to balance strategic security initiatives with hands-on technical execution.
- Exceptional communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
The annual base salary range for this role is $165,000 - $175,000.
Forbes has estimated the compensation range set forth above in good faith. The compensation range is what we believe we will offer, and ultimately pay, a successful candidate. In determining this range, we consider the experience, level of education (if applicable to the role), knowledge, skills, and abilities required to be had by a successful candidate as well as the budget and the company’s pay rates, generally. This said, we may have to make changes to our compensation estimates and job descriptions from time to time and we expressly reserve the right to do so. Should we make any such changes, this advertisement will be revised to reflect such revisions. We encourage you to occasionally re-visit this advertisement to ensure that you are abreast of any changes.
#LI-RL1 #LI-HYBRID
This role may evolve over time. While this job description outlines the primary responsibilities, additional duties may be assigned as business needs change. Forbes aims to offer employees the flexibility they need in order to be successful. Some positions may require candidates to be based in a specific location for consideration while some roles may be fully remote (within the U.S.) if it aligns with the needs of the position. This position is only open to candidates residing in California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Maine, Maryland, Massachusetts, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, & Washington. Due to business operations and compliance requirements, we are unable to consider applicants based outside these states at this time.
Forbes is an equal opportunity employer.
Staff and Applicant Privacy Notice Notice of E-Verify Participation