Director, Product Security (ProdSec)
atGalaxy Digital Services
Jan 19
Galaxy Digital (TSX: GLXY) is a technology-driven financial services and investment management firm that provides institutions and direct clients with a full suite of financial solutions spanning the digital assets ecosystem. Galaxy Digital operates five synergistic business lines: Trading, Asset Management, Principal Investments, Investment Banking, and Mining. Galaxy Digital's CEO and Founder is Mike Novogratz. The Company is headquartered in New York City, with offices in Chicago, San Francisco, London, Amsterdam, Tokyo, Hong Kong, the Cayman Islands (registered office), and New Jersey. Additional information about the Company's businesses and products is available on www.galaxydigital.io.
Who You Are:
Galaxy is seeking a highly technical and experienced Director of Product Security to lead a team of security engineers to ensure Galaxy products and services are built securely by design. This position will work hand in hand with engineering teams and business stakeholders to model threats, evaluate product requirements, develop security objectives and requirements, conduct security engineering, and ensure secure software development, engineering, and integration.
What You’ll Do:
- Work closely with application development, infrastructure engineering and platform teams and participate throughout the software lifecycle to integrate security into the software engineering lifecycle.
- Work with stakeholder teams to formulate and implement a strategy for software security that is tailored to the specific threats facing the application, software, and environment.:Assess the security of the applications, software, and operational components.
- Participate in relevant design and code reviews, assist with development and review of test plans to ensure effective security coverage, conduct application security assessments.
- Assist with implementation and integration of tools and processes for security testing including: Static Analysis (CAST), Dynamic Analysis (DAST), Bug Bounty programs, other code review automation.
- Develop a cadre of primary contacts with associated cyber security interests across the engineering team following a guild or practice model.
- Coordinate 3rd party vendor contracts and subject matter experts and related activities.
- Hire, train and develop additional Security Researchers and Security Engineers.
- Provide training and thought leadership for secure software development practices.
What We’re Looking for:
- Bachelors or advanced degree
- 7+years of relevant experience in cyber security or related field; software engineering and/or application security focus preferable, e.g.:
- Traditional Computer Science background with formal or avocational focus on security tools and techniques, a formal degree or certificate cyber security program, direct experience in a cyber security role (such as security architect or pen-tester), or equivalent experience.
- Non-traditional backgrounds are also welcome provided you can demonstrate the requisite software engineering skills and security knowledge.
- Experience managing other engineers in a technical and people leadership role.
- Deep Experience / Expertise in at least a few of the following areas:
- Proficiency in at least one of the following development languages: C/C++, Java, JavaScript, or Python.
- Proficiency with basic Linux systems privilege and permission models, admin and operational concepts, and basic scripting.
- Understanding of attack tools such as Metasploit, Burp Suite, Fuzzing, Gauntlt, Kali Linux.
- Solid understanding of application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
- Technical knowledge of AWS Public Cloud security framework and concepts
- Knowledge of common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
- Understanding of IP networking, firewalls, network security rules, etc.
- Familiarity with Agile software development methodologies and project management tools.
- Understanding of generally accepted approaches to security threat modeling and its application to secure software engineering.
- Ability to organize and execute complex plans with minimal direction.
- Strong business acumen and ability to work with application development, quality assurance, DevSecOps, and peer security and engineering teams.
- Familiarity with SDLC security tools and their application.
What We Offer:
- Competitive compensation
- Hybrid/Flexible Working Arrangements
- Flexible Time Off (paid)
- 3% 401(k) company contribution
- Company-paid health insurance for employees, partners, and other dependents
- Generous paid Parental Leave
- Opportunities to learn about the Crypto industry
- Free daily snacks and weekly lunches
- Smart, entrepreneurial, and fun colleagues
- Annual charitable giving match
- Employee Resource Groups
- Free virtual coaching and counseling sessions through Ginger
Apply now and join us on our mission to engineer a new economic paradigm.
Listed in: Crypto Jobs, Remote Crypto Jobs, Security Crypto Jobs, Developer Web3 Jobs, Engineering Web3 Jobs, DireCTOr Web3 Jobs, Python Crypto Jobs, C++ Crypto Jobs, JavaScript Crypto Jobs, Quality Assurance Crypto Jobs, Full Time Web3 Jobs.