Summary
Company Information
At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across three complementary operating businesses: Global Markets, Asset Management, and Digital Infrastructure Solutions. Our offerings include, amongst others, trading, lending, strategic advisory services, institutional-grade investment solutions across passive, active and venture strategies, proprietary bitcoin mining and hosting services, network validator services, and the development of enterprise custodial technology. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts, and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with global across North America, Europe and Asia.
Role Information
We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
Seek Excellence.
Be Selective To Be Effective.
Be Highly Aligned, Loosely Coupled.
Disagree Transparently.
Encourage Independent Decision-Making.
Build Dream Teams.
Who You Are:
Galaxy is seeking a Product Security Engineer to join our team of senior ProdSec and offensive security engineers. The engineer will contribute to establishing our secure by design program to all software and production engineering teams, and elaborate standards and best practices to bring efficiency to those engineers as they implement security controls. We are looking for a curious, collaborative, detailed oriented individual who will gradually build a solid understanding of Galaxy business lines and solutions. Based in London, the Product Security Engineer will work with teams in the local office as well as US (where all other members of ProdSec are based) and Hong Kong.
What You’ll Do:
Assist software and production engineering teams in applying threat modeling to their designs
Assess which security controls are most adequate for a specific design, taking into consideration the existing policies and standards
With guidance from senior team members, elaborate standards to be used by engineering teams: e.g. use of OAuth in custom applications, required system and network hardening for a blockchain transaction signing application
Assist software and production engineering teams in understanding vulnerabilities reported by various security tools (SAST, SCA, container/OS scanners)
Build solid understanding of the London and HK-built technology stacks
Help increase the understanding of our secure by design program for London and HK technology teams, as well as Project Management and Product points of contact
What We’re Looking For:
Bachelor or post-graduate diploma in cybersecurity or technology
2+ years work experience in product security, application security, cloud security, or software development of security features
Strong understanding of at least a few of the following topics: authentication and authorization technology, TLS and PKI, network security, cloud security, system security
Threat modeling, risk assessment, controls review
SAST, DAST, SCA
Programming experience
Strong analysis skills, detail oriented
Very good verbal and written communication skills, collaborative and solution-driven
Experience working in financial services and/or on blockchain related projects
Security or cloud certifications
What We Offer:
Competitive base salary, bonus, and equity compensation
Company-paid health and protective benefits for employees and their eligible dependents
Free virtual coaching and counseling sessions
Opportunities to learn about the Crypto industry
Smart, entrepreneurial, and fun colleagues
Employee Resource Groups
*Benefits may vary depending on location.