Who We Are:
At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across multiple synergistic business lines: Trading, Asset Management (passive and active strategies), Principal Investments, Investment Banking Services, and Mining. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts, and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with offices in Chicago, London, Amsterdam, Tokyo, Hong Kong, the Cayman Islands (registered office), and New Jersey.
Additional information about the Company's businesses and products is available on www.galaxydigital.io.
What We Value:
We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
- Seek Excellence.
- Be Selective To Be Effective.
- Be Highly Aligned, Loosely Coupled.
- Disagree Transparently.
- Encourage Independent Decision-Making.
- Build Dream Teams.
Galaxy is seeking a VP, Security Architecture to lead overall secure software development lifecycle (S-SDLC) from inception to delivery. We’re looking for a senior expert in security architecture to work closely with our product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.
On a given day at Galaxy, you will:
- Champion security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations.
- Work with stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the application, software, and environment.
- Assist peer teams in assessing the security of the applications, software, and operational components including:
- Participate in relevant design and code reviews.
- Assist with development and review of test plans to ensure effective security coverage.
- Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
- Provide expertise and advice on cloud application and infrastructure security design patterns.
- Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation.
- Provide training and thought leadership for secure software development practices.
- Be a subject matter expert for security patterns for cloud-based applications and services.
You've worked hard for:
- 7+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field.
- Bachelor’s degree in cybersecurity, software engineering, computer science, or related field.
- Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
- Proficient to expert technical skills in several of the following:
- Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
- IP networking, firewalls, network security rules, etc.
- Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc).
- Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
- Agile fundamentals like Test Driven Development, backlog management, and user stories.
- Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban.
- Understanding and experience with privacy concepts including privacy by design, GDPR, PIAs, and personal data handling and security profile standards like CIS Benchmarks and DISA STIGs.
- Self-starter with strong business acumen.
- Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams.
- Excellent verbal and written presentation skills with a proficiency in English.
Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.
We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact firstname.lastname@example.org.