Summary

Company Information

At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across three complementary operating businesses: Global Markets, Asset Management, and Digital Infrastructure Solutions. Our offerings include, amongst others, trading, lending, strategic advisory services, institutional-grade investment solutions across passive, active and venture strategies, proprietary bitcoin mining and hosting services, network validator services, and the development of enterprise custodial technology. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts, and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with global across North America, Europe and Asia.

Role Information

We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.

Seek Excellence.

Be Selective To Be Effective.

Be Highly Aligned, Loosely Coupled.

Disagree Transparently.

Encourage Independent Decision-Making.

Build Dream Teams.

Who You Are:

Galaxy is seeking a Product Security Engineer to join our team of senior ProdSec and offensive security engineers. The engineer will contribute to establishing our secure by design program to all software and production engineering teams, and elaborate standards and best practices to bring efficiency to those engineers as they implement security controls. We are looking for a curious, collaborative, detailed oriented individual who will gradually build a solid understanding of Galaxy business lines and solutions. Based in London, the Product Security Engineer will work with teams in the local office as well as US (where all other members of ProdSec are based) and Hong Kong.

What You’ll Do:

Assist software and production engineering teams in applying threat modeling to their designs

Assess which security controls are most adequate for a specific design, taking into consideration the existing policies and standards

With guidance from senior team members, elaborate standards to be used by engineering teams: e.g. use of OAuth in custom applications, required system and network hardening for a blockchain transaction signing application

Assist software and production engineering teams in understanding vulnerabilities reported by various security tools (SAST, SCA, container/OS scanners)

Build solid understanding of the London and HK-built technology stacks

Help increase the understanding of our secure by design program for London and HK technology teams, as well as Project Management and Product points of contact

What We’re Looking For:

Bachelor or post-graduate diploma in cybersecurity or technology

2+ years work experience in product security, application security, cloud security, or software development of security features

Strong understanding of at least a few of the following topics: authentication and authorization technology, TLS and PKI, network security, cloud security, system security

Threat modeling, risk assessment, controls review

SAST, DAST, SCA

Programming experience

Strong analysis skills, detail oriented

Very good verbal and written communication skills, collaborative and solution-driven

Experience working in financial services and/or on blockchain related projects

Security or cloud certifications

What We Offer:

Competitive base salary, bonus, and equity compensation

Company-paid health and protective benefits for employees and their eligible dependents

Free virtual coaching and counseling sessions

Opportunities to learn about the Crypto industry

Smart, entrepreneurial, and fun colleagues

Employee Resource Groups

*Benefits may vary depending on location.