Events  Deals  Jobs 
    Sign in  
 
 
General Assembly // accelerated learning programs & education
 
Engineering, Full Time    New York City    Posted: Friday, September 09, 2022
 
   
 
Apply To Job
 
 
JOB DETAILS
 

Who are we?

Our vision is of a global community of individuals empowered to pursue the work they love. Our mission is to grow that community by transforming millions of thinkers into creators.

Since 2011, General Assembly has transformed tens of thousands of careers through pioneering, experiential education in todays most in-demand skills. As featured in The Economist, Wired, & The New York Times, GA offers training in web development, data, design, business, & more, both online & at campuses around the world. Our global professional community boasts 40,000 full- & part-time alumni & counting.

GA has a remote-friendly culture with offices around the world. If you prefer the office, our headquarters are located in New York City. Twice a year, the entire Product team gets together in New York for a week of team building, workshops, lightning talks, urban adventures, & an epic hackathon.

Role

Information Security Engineer

Responsibilities

  • Responsible for implementing and/or assisting Engineering and/or IT with implementing  solutions to assist in the deployment or configuration of information security control systems or cloud based solutions designed to implement or enforce the Information Security Management System (ISMS) or its control objectives
  • Applying or verifying the application of security controls designed to enforce information security policies, standards, guidelines, & procedures
  • Verification of the application of critical patches either manually or through scripted solutions
  • Configures Web Application Firewall (WAF) rulesets to optimize for protection, detection, & monitoring of malicious activity
  • Configures & runs vulnerability scans against infrastructure such as cloud-hosted services, web applications, networking equipment, & workstations
  • Configuration of  Data Loss Prevention (DLP) solutions
  • Configuration of  email security solutions to implement SPF, DKIM, & DMARC as well as anti-phishing & email attachment security
  • Configuration & maintenance of cloud-delivered enterprise security software solutions
  • Configuration & management of a comprehensive logging & monitoring solution (e.g. SEIM/SIEM technology such as Security Onion)
  • Configures & maintains Firewalls & firewall rule sets
  • Responsible for the implementation of the Disaster Recovery Plan (DRP)
  • Assists with the monitoring of the environment
  • Assists with information security investigations
  • Assists with the formation of new & maintenance of existing Information Security Incident Response Playbooks
  • Assists in testing & development of systems hardening procedures
  • Assists in classifying data & systems according to GA Policy
  • Assists in the documentation of the GA Threat Landscape
  • Assists in the internal audit of systems for compliance with Information Security Policy
  • Helps to maintain documentation of critical assets, infosec procedures, threat models for data-flows, & evidence of policy compliance as needed
  • Assists to ensure that information security risk assessments produce consistent, valid & comparable results 
  • Works with risk owners to develop acceptable treatment plans
  • Responsible for successful application of treatment plans & the documentation of residual risks that have been accepted by risk owners
  • Assists in the on-going improvement of the Information Security Management System (ISMS)
  • Coordinates between departments & teams to improve the information security stance for the entire company

Expectations

  • Holds a current recognized information security credential (e.g. CISSP, CEH, OSCP)
  • Familiar with TCP/IP Networking
  • Familiar with network protocol analyzers (e.g. Wireshark)
  • Familiar with Penetration testing methodology
  • Familiar with Incident Response Techniques
  • Familiar with OWASP 
  • Familiar with MITRE ATT&CK framework
  • Familiar with Threat Modeling techniques
  • Familiar with Network Security & Vulnerability scanning tools (e.g. Nessus, Nmap, Rapid7 tools, Qualys, etc.)
  • Proficient in at least one scripting language (e.g. Python, Bash, Zsh)
  • Experience working with Macintosh, Windows, & Linux systems
 
 
 
Apply To Job
 
 
 
 
 
© 2022 GarysGuide      About    Feedback    Press    Terms