Who We Are:
At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across multiple synergistic business lines: Trading, Asset Management (passive and active strategies), Principal Investments, Investment Banking Services, and Mining. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with offices in Chicago, London, Amsterdam, Tokyo, Hong Kong, the Cayman Islands (registered office), and New Jersey.
Additional information about the Company's businesses and products is available on www.galaxy.com.
What We Value:
We are a diverse team of free thinkers and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
- Seek Excellence.
- Be Selective To Be Effective.
- Be Highly Aligned, Loosely Coupled.
- Disagree Transparently.
- Encourage Independent Decision-Making.
- Build Dream Teams.
Who You Are:
Galaxy is seeking a Lead Application Security Engineer to lead the overall secure software development lifecycle (S-SDLC) from inception to delivery. We’re looking for a senior expert in product security to work closely with our VP of Security Architecture and product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.
What You’ll Do:
- Integrate security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations.
- Work with engineering stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the applications, software, and platform environments.
- Assist peer engineering and software delivery teams in assessing the security of the applications, software, and operational components including:
  - Participate in relevant secure software design and code reviews.
  - Assist with development and review of test plans to ensure effective security coverage.
  - Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
- Provide expertise and advice on cloud application and infrastructure security design patterns.
- Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation.
- Provide training and thought leadership for secure software development practices.
- Be a subject matter expert for security patterns for cloud-based applications and services.
What We’re Looking For:
- 6+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field.
- Bachelor’s degree in cybersecurity, software engineering, computer science, or related field.
- Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
- Proficient to expert technical skills in several of the following:
  - Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
  - IP networking, firewalls, network security rules, etc.
  - Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc).
  - Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
  - Agile fundamentals like Test Driven Development, backlog management, and user stories.
  - Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban.
- Understanding and experience with privacy concepts including privacy by design, GDPR, PIAs, and personal data handling and security profile standards like CIS Benchmarks and DISA STIGs.
- Self-starter with strong business acumen.
- Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams.
- Excellent verbal and written presentation skills with a proficiency in English.
The base salary ranges included below are for New York based hires only and will be commensurate with candidate experience and expertise. Base salary ranges for candidates in locations other than New York may differ based on the cost of labor in that location. Base salary range: $180,000 - $210,000. Final offer amounts are determined by multiple factors including geographic location as well as candidate experience and expertise and may vary from the amounts listed below. At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.
What We Offer (US):
- Competitive base salary, bonus, and equity compensation
- Flexible Time Off (paid)
- 3% 401(k) company contribution
- Company-paid health and protective benefits for employees, partners, and other dependents
- Generous paid Parental Leave
- Free virtual coaching and counseling sessions through Ginger
- Opportunities to learn about the Crypto industry
- Free daily snacks in-office
- Smart, entrepreneurial, and fun colleagues
- Employee Resource Groups
*Benefits may vary depending on location.
Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.
We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact [email protected]