VP, Senior Security Testing Engineer
Who You Are:
The Product Security team is looking for a Senior Cybersecurity Testing Engineer to design and implement a security testing program aligned with phases of our SDLC, with help from the Product Security team.
Our team's objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The types of products in our scope are client-facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.
As of today, we envision developing the following pillars as part of the security testing program:
1. Security Quality Assurance practice consisting of a) manual and automated testing of security features of our products; b) security-oriented code reviews of critical features
2. Adversarial Testing Campaigns: driven by threat intelligence, advanced testing techniques to uncover vulnerabilities in our products, infrastructure, or processes
As a member of the product security team, the testing engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.
We are looking for a driven professional with great communication and time management skills who is comfortable working in a fast-paced environment. The engineer must have strong foundations in at least 2 of the following areas: adversarial testing, automation of testing lifecycle, development/code reviews.
What You’ll Do:
- Design and implement the security testing program with guidance from the director of product security and help from product security team members
- Plan testing activities, communicate with involved teams (software engineering, SRE, …)
- Perform security-focused code reviews
- Perform manual testing of security features such as authentication, authorization
- Take initiative in developing automated testing platforms to reduce the amount of manual testing
- Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly; provide a report of vulnerabilities
- Recommend off-the-shelf and specialized testing tools for the firm
- Develop an extensive knowledge of the technical architecture and business functionality of Galaxy products
- Help maintain and address stability of the testing environment
- Be an advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
- Provide guidance to development and SRE teams on the mitigation of vulnerabilities
- Stay informed of the latest developments in adversarial tactics and techniques and application vulnerabilities (especially in the financial and digital asset space) and adapt the strategy or tooling to address new threats
What We’re Looking For:
- Bachelor's or post-graduate diploma in cybersecurity or technology
- 5 years’ experience in security research and testing
- 3 years’ experience with cloud and container architectures
- Programming and scripting language experience; Java, C++, Python desired
- Security certification in cybersecurity testing -or- network security -or- application security (OSCP/CEH, Network+, CSSLP)
- Automated testing suites such as Selenium
- Attention to detail, to be able to plan and execute tests on a wide range of applications
- Ability to think creatively and strategically to identify flaws and vulnerabilities
- Experience with automated security testing such as DAST, SAST, SCA
- Cryptocurrency, trading, and derivatives financial products knowledge
- Familiarity with multi-participant approvals such as MPC and multi-signature
The base salary ranges included below will be commensurate with candidate experience, expertise and local market. Final offer amounts are determined by multiple factors, including candidate experience and expertise. At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.
Base Salary Range: $180,000 - $220,000
What We Offer:
- Competitive base salary, bonus, and equity compensation
- Flexible Time Off (i.e. unlimited paid vacation days)
- Company paid Holidays (11)
- Company paid sick leave
- Company-paid health and protective benefits for employees, partners, and other dependents
- 3% 401(k) company contribution
- Generous paid Parental Leave
- Free virtual coaching and counseling sessions through Ginger
- Opportunities to learn about the Crypto industry
- Free daily snacks in-office
- Smart, entrepreneurial, and fun colleagues
- Employee Resource Groups
Apply now and join us on our mission to engineer a new economic paradigm.