Facebook pixel

Information Security Engineer
Posted on 9/9/2022
New York, NY, USA
Experience Level
Desired Skills
  • Holds a current recognized information security credential (e.g. CISSP, CEH, OSCP)
  • Familiar with TCP/IP Networking
  • Familiar with network protocol analyzers (e.g. Wireshark)
  • Familiar with Penetration testing methodology
  • Familiar with Incident Response Techniques
  • Familiar with OWASP
  • Familiar with MITRE ATT&CK framework
  • Familiar with Threat Modeling techniques
  • Familiar with Network Security and Vulnerability scanning tools (e.g. Nessus, Nmap, Rapid7 tools, Qualys, etc.)
  • Proficient in at least one scripting language (e.g. Python, Bash, Zsh)
  • Experience working with Macintosh, Windows, and Linux systems
  • Responsible for implementing and/or assisting Engineering and/or IT with implementing solutions to assist in the deployment or configuration of information security control systems or cloud based solutions designed to implement or enforce the Information Security Management System (ISMS) or its control objectives
  • Applying or verifying the application of security controls designed to enforce information security policies, standards, guidelines, and procedures
  • Verification of the application of critical patches either manually or through scripted solutions
  • Configures Web Application Firewall (WAF) rulesets to optimize for protection, detection, and monitoring of malicious activity
  • Configures and runs vulnerability scans against infrastructure such as cloud-hosted services, web applications, networking equipment, and workstations
  • Configuration of Data Loss Prevention (DLP) solutions
  • Configuration of email security solutions to implement SPF, DKIM, and DMARC as well as anti-phishing and email attachment security
  • Configuration and maintenance of cloud-delivered enterprise security software solutions
  • Configuration and management of a comprehensive logging and monitoring solution (e.g. SEIM/SIEM technology such as Security Onion)
  • Configures and maintains Firewalls and firewall rule sets
  • Responsible for the implementation of the Disaster Recovery Plan (DRP)
  • Assists with the monitoring of the environment
  • Assists with information security investigations
  • Assists with the formation of new and maintenance of existing Information Security Incident Response Playbooks
  • Assists in testing and development of systems hardening procedures
  • Assists in classifying data and systems according to GA Policy
  • Assists in the documentation of the GA Threat Landscape
  • Assists in the internal audit of systems for compliance with Information Security Policy
  • Helps to maintain documentation of critical assets, infosec procedures, threat models for data-flows, and evidence of policy compliance as needed
  • Assists to ensure that information security risk assessments produce consistent, valid and comparable results
  • Works with risk owners to develop acceptable treatment plans
  • Responsible for successful application of treatment plans and the documentation of residual risks that have been accepted by risk owners
  • Assists in the on-going improvement of the Information Security Management System (ISMS)
  • Coordinates between departments and teams to improve the information security stance for the entire company
General Assembly

1,001-5,000 employees

Online learning platform
Company Overview
General Assembly fosters an elite professional community of individuals and companies through education and strategic career connections.
  • Inspiration - Shape how people think and learn, from junior developers to employees of Fortune 500 companies.
  • Community - Collaborate with smart, passionate peers to achieve goals and grow our business.
  • Growth - Develop professional skills through mentorship, career development, and free GA classes.
  • Benefits - Balance work and life with generous paid time off, parental leave, and more.