Director, Product Security (ProdSec)

  • Galaxy Digital
  • New York, NY or Remote
  • May 09, 2022
Full time Remote Product Management

Job Description

Who We Are:

At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across multiple synergistic business lines: Trading, Asset Management (passive and active strategies), Principal Investments, Investment Banking Services, and Mining. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with offices in Chicago, London, Amsterdam, Tokyo, Hong Kong, the Cayman Islands (registered office), and New Jersey.

Additional information about the Company's businesses and products is available on www.galaxydigital.io.

What We Value:

We are a diverse team of free thinkers and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.

  • Seek Excellence.
  • Be Selective To Be Effective.
  • Be Highly Aligned, Loosely Coupled.
  • Disagree Transparently.
  • Encourage Independent Decision-Making.
  • Build Dream Teams.

Who You Are:

Galaxy is seeking a highly technical and experienced Director of Product Security to lead a team of security engineers to ensure Galaxy products and services are built securely by design. This position will work hand in hand with engineering teams and business stakeholders to model threats, evaluate product requirements, develop security objectives and requirements, conduct security engineering, and ensure secure software development, engineering, and integration.

What You’ll Do:

  • Work closely with application development, infrastructure engineering and platform teams and participate throughout the software lifecycle to integrate security into the software engineering lifecycle.
  • Work with stakeholder teams to formulate and implement a strategy for software security that is tailored to the specific threats facing the application, software, and environment.
  • Assess the security of the applications, software, and operational components.
  • Participate in relevant design and code reviews, assist with development and review of test plans to ensure effective security coverage, and conduct application security assessments.
  • Assist with implementation and integration of tools and processes for security testing, including Static Analysis (SAST), Dynamic Analysis (DAST), Bug Bounty programs, and other code review automation.
  • Develop a cadre of primary contacts with associated cyber security interests across the engineering team following a guild or practice model.
  • Coordinate 3rd party vendor contracts and subject matter experts and related activities.
  • Hire, train and develop additional Security Researchers and Security Engineers.
  • Provide training and thought leadership for secure software development practices.

What We’re Looking for:

  • Bachelor's or advanced degree
  • 7+ years of relevant experience in cyber security or related field; software engineering and/or application security focus preferable, e.g.:
    • Traditional Computer Science background with formal or avocational focus on security tools and techniques, a formal cyber security degree or certificate program, direct experience in a cyber security role (such as security architect or pen-tester), or equivalent experience.
    • Non-traditional backgrounds are also welcome provided you can demonstrate the requisite software engineering skills and security knowledge.
  • Experience managing other engineers in a technical and people leadership role.
  • Deep Experience / Expertise in at least a few of the following areas:
    • Proficiency in at least one of the following development languages: C/C++, Java, JavaScript, or Python.
    • Proficiency with basic Linux systems privilege and permission models, admin and operational concepts, and basic scripting.
    • Understanding of attack tools such as Metasploit, Burp Suite, Fuzzing, Gauntlt, Kali Linux.
    • Solid understanding of application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
    • Technical knowledge of AWS Public Cloud security framework and concepts
    • Knowledge of common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
    • Understanding of IP networking, firewalls, network security rules, etc.
    • Familiarity with Agile software development methodologies and project management tools.
  • Understanding of generally accepted approaches to security threat modeling and its application to secure software engineering.
  • Ability to organize and execute complex plans with minimal direction.
  • Strong business acumen and ability to work with application development, quality assurance, DevSecOps, and peer security and engineering teams.
  • Familiarity with SDLC security tools and their application.

What We Offer:

  • Competitive compensation
  • Hybrid/Flexible Working Arrangements
  • Flexible Time Off (paid)
  • 3% 401(k) company contribution
  • Company-paid health insurance for employees, partners, and other dependents
  • Generous paid Parental Leave
  • Opportunities to learn about the Crypto industry
  • Free daily snacks and weekly lunches
  • Smart, entrepreneurial, and fun colleagues
  • Annual charitable giving match
  • Employee Resource Groups
  • Free virtual coaching and counseling sessions through Ginger

 

Apply now and join us on our mission to engineer a new economic paradigm.

Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.

We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact careers@galaxydigital.io.