Overview

Who are we?

Our vision is of a global community of individuals empowered to pursue the work they love. Our mission is to grow that community by transforming millions of thinkers into creators.

Since 2011, General Assembly has transformed tens of thousands of careers through pioneering, experiential education in today’s most in-demand skills. As featured in The Economist, Wired, and The New York Times, GA offers training in web development, data, design, business, and more, both online and at campuses around the world. Our global professional community boasts 40,000 full- and part-time alumni — and counting.

GA has a remote-friendly culture with offices around the world. If you prefer the office, our headquarters are located in New York City. Twice a year, the entire Product team gets together in New York for a week of team building, workshops, lightning talks, urban adventures, and an epic hackathon.

Role

General Assembly (GA) is searching for a Senior Information Security Engineer to help drive business-critical engineering initiatives focusing on the security of our users and systems. You will serve as the conduit between our Engineering and InfoSec teams, building an expert-level understanding of our technical infrastructure, software products, and processes. By working alongside DevOps and Infrastructure teams, you will be expected to design, plan and implement strategic and tactical security improvements that will support all of engineering. This is a tremendous ownership opportunity to help GA secure the future success of its business.

Key Responsibilities

  • Lead efforts on penetration testing, code reviews, design/architecture, and system security reviews.
  • Play an advisory role in software development projects to assess security requirements and controls and to ensure that security controls are implemented
  • Perform control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action
  • Responsible for ensuring all systems and devices on the company network are adequately patched and protected from malicious software and other intrusion attempts
  • Manage the company’s portfolio of security vulnerability management, automation, authentication and monitoring tools (Darktrace, Okta and Bettercloud).
  • Conduct or assist in the investigation of alerts, event management, spam investigation, threat management, penetration testing, etc.
  • Assist in the annual IT Security Risk Assessments and associated risk mitigation and avoidance functions based on ISO 27001
  • Educate other engineers on secure coding and security best practices and empower them to do their job securely without creating additional friction
  • Demonstrate expertise in mitigating real-world attacks, such as DDoS, XSS, CSRF, and dictionary attacks.
  • Ability to assess applications and the associated data flow for risk to sensitive data, systems, or infrastructure.

Key Requirements

  • A minimum of 8 years of relevant experience
  • Proven experience and deep understanding of web application architecture, including TCP/IP, HTTP, TLS, HTTP/2, and common authentication schemes.
  • Should be able to identify SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
  • Proven experience with common authentication technologies such as OAuth and SAML.
  • Proven experience with browser-based security controls such as CSP, HSTS, XFO.
  • Preferred experience with security management tools – Okta, Bettercloud and Darktrace.
  • Superb communication skills and adept proficiency at distilling complex concepts into tangible value-generating initiatives.
  • Knowledge of cryptography and encryption products, data loss prevention, mobile device management.
  • Knowledge of Cyber Security Frameworks (NIST, ISO)
  • Relevant certifications – CISSP, CISA or equivalent is preferred but not required

Benefits

  • Highly Competitive Salary
  • Generous parental leave
  • Annual Education Allowance
  • Gym Allowance
  • Apple MacBook Pro + External Monitor
  • Flexible PTO
  • 401k Retirement plan
  • Health, Dental & Vision Insurance
  • Company iPhone

Who can apply?

You are living in or willing to self-relocate to…

  • The USA in any of these states: CA, CO, CT, DC, FL, GA, IL, KS, MA, NY, NC, TX, VA, WI and/or WA