Who We Are:

At Galaxy we are building products and services to help the world invest in economic progress. We believe crypto and blockchain innovations will permeate and improve all aspects of our global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader helping institutions, startups, and individuals access and navigate the crypto economy. As one of the most well-capitalized and trusted companies in the industry, we provide platform solutions custom-made for a digitally native ecosystem across three complementary operating businesses: Global Markets, Asset Management, and Digital Infrastructure Solutions. Our offerings include, amongst others, trading, lending, strategic advisory services, institutional-grade investment solutions across passive, active and venture strategies, proprietary bitcoin mining and hosting services, network validator services, and the development of enterprise custodial technology. Galaxy’s CEO and Founder Michael Novogratz leads a team of crypto enthusiasts, and institutional veterans focused on the future of finance and Web3. The Company is headquartered in New York City, with global across North America, Europe and Asia.

Additional information about the Company's businesses and products is available on www.galaxy.com.

What We Value:

We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.

  • Seek Excellence.
  • Be Selective To Be Effective.
  • Be Highly Aligned, Loosely Coupled.
  • Disagree Transparently.
  • Encourage Independent Decision-Making.
  • Build Dream Teams.

Who You Are:

The Product Security team is looking for a Senior Offensive Security Engineer to design and implement a security testing program where we will use creative adversarial techniques to uncover vulnerabilities in our products, but also dedicate a substantial amount of time to provide guidance and hands on help to engineers to remediate the issues.

Our team objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The type of products in our scope are client facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.

As of today we envision the development of such pillars as part of the security testing program:

  1. Penetration testing of high priority features: product security engineers will prioritize features and applications to be tested, with specific objectives
  2. Adversarial Testing Campaigns: driven by threat intelligence, advanced testing techniques to uncover vulnerabilities in our products, infrastructure, or processes

As a member of the product security team, the testing engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.

We are looking for a driven professional, with great communication and organization skills.

What You’ll Do:

  • Design and implement the security testing program with guidance from the director of product security and help from product security team members
  • Plan testing activities, communicate with involved teams (software engineering, SRE, …)
  • Perform security-focused code reviews
  • Perform manual testing of security features such as authentication, authorization
  • Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly; Provide report of vulnerabilities
  • Recommend off-the shelf and specialized testing tools for the firm
  • Develop an extensive knowledge of the technical architecture and business functionality of Galaxy products
  • Help maintain and address stability of the testing environment
  • Be an advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
  • Provide guidance to development and SRE teams on the mitigation of vulnerabilities
  • Stay informed of the latest developments in adversarial tactics and techniques and application vulnerabilities - especially in financial and digital asset space - and adapt the strategy or tooling to address new threats

What We’re Looking For:

  • Security certification in cybersecurity testing (OSWE/OSCP/OSWA or equivalent)
  • Bachelor or post-graduate diploma in cybersecurity or technology
  • 5+ years experience in security research and web penetration testing
  • 3+ years experience with cloud and container architectures
  • Programming and scripting language experience; Java, C++, Python, or similar languages
  • Attention to detail, to be able to plan and execute tests on a wide range of applications
  • Excellent communication skills and the ability to collaborate effectively with cross-functional teams
  • Ability to think creatively and strategically to identify flaws and vulnerabilities
  • Experience with automated security testing such as DAST, SAST, SCA

Bonus Points:

  • Cryptocurrency, trading, and derivatives financial products knowledge
  • Familiarity with multi-participant approvals such as MPC and multi-signature

The base salary ranges included below will be commensurate with candidate experience, expertise and local market. Final offer amounts are determined by multiple factors, including candidate experience and expertise. At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.

Base Salary Range: $180,000 - $220,000

What We Offer:

  • Competitive base salary, bonus, and equity compensation
  • Flexible Time Off (i.e. unlimited paid vacation days)
  • Company paid Holidays (11)
  • Company paid sick leave
  • Company-paid health and protective benefits for employees, partners, and other dependents
  • 3% 401(k) company contribution
  • Generous paid Parental Leave
  • Free virtual coaching and counseling sessions through Ginger
  • Opportunities to learn about the Crypto industry
  • Free daily snacks in-office
  • Smart, entrepreneurial, and fun colleagues
  • Employee Resource Groups

Apply now and join us on our mission to engineer a new economic paradigm.

Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.

We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact careers@galaxy.com. 

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
Cancel
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)
Cancel
When autocomplete results are available use up and down arrows to review
+ Add another education
INVITATION TO SELF-IDENTIFY

Collecting diversity data from colleagues is a well-established way to track and encourage improvement in diversity.  We are asking you to provide this information on a voluntary basis to help us inform our recruiting practices and policies. It is entirely your choice if you choose to provide this information.  Your managers will not have access to your responses.

This helps us plan our work in promoting a diverse and inclusive working environment. This information is used for monitoring and reporting purposes only and will only be shared in an anonymous, collective format. 

GENDER/SEXUAL ORIENTATION

Our company does not discriminate on the basis of sexual orientation, gender identity, or gender expression. But to track the effectiveness of our recruiting efforts and ensure we consider the needs of all our employees, please consider the following optional questions.

Transgender is an umbrella term that refers to people whose gender identity, expression or behavior is different from those typically associated with their assigned sex at birth. Other identities considered to fall under this umbrella can include non-binary, gender fluid, and genderqueer – as well as many more.

Your voluntary cooperation is appreciated.  Thank you.

Sex (Select one)


Ethnicity - Please check the appropriate box below.


Race - Please check the appropriate box(es) below.





Veteran Service - Do you identify as a veteran of the United States Armed Forces?



What is your gender identity? (Select one)





What is your Sexual Orientation (Select one)






Do you identify as transgender? (Select one)



Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.
Please complete the reCAPTCHA above.