VP, Lead Application Security Engineer

Who You Are:

Galaxy is seeking a Lead Application Security Engineer to lead overall secure software development lifecycle (S-SDLC) from inception to delivery.

We’re looking for a senior expert in product security to work closely with our VP of Security Architecture and product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.

What You’ll Do:

  • Integrate security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations.

  • Work with engineering stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the applications, software, and platform environments.

  • Assist peer engineering and software delivery teams in assessing the security of the applications, software, and operational components including:
    • Participate in relevant secure software design and code reviews.

    • Assist with development and review of test plans to ensure effective security coverage.

    • Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.

    • Provide expertise and advice on cloud application and infrastructure security design patterns.

    • Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation.

  • Provide training and thought leadership for secure software development practices.

  • Be a subject matter expert for security patterns for cloud-based applications and services.

What We’re Looking For:

  • 6+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field.

  • Bachelor’s degree in cybersecurity, software engineering, computer science, or related field.

  • Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.

  • Proficient to expert technical skills in several of the following:
    • One or more development languages: C/C++, Java, Javascript, or Python.

    • Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.

    • IP networking, firewalls, network security rules, etc.

    • Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc).

    • Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.

    • Agile fundamentals like Test Driven Development, backlog management, and user stories.

    • Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban.

  • Understanding and experience with privacy concepts including privacy by design, GDPR, PIAs, and personal data handling and security profile standards like CIS Benchmarks and DISA STIGs.

  • Self-starter with strong business acumen.

  • Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams.

  • Excellent verbal and written presentation skills with a proficiency in English.

The base salary ranges included below are for New York based hires only and will be commensurate with candidate experience and expertise.

Base salary ranges for candidates in other locations other than New York may differ based on the cost of labor in that location.

Base salary range: $180,000 – $210,000.

Final offer amounts are determined by multiple factors including geographic location as well as candidate experience and expertise and may vary from the amounts listed below.

At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.

What We Offer (US):

  • Competitive base salary, bonus, and equity compensation
  • Flexible Time Off (paid)
  • 3% 401(k) company contribution
  • Company-paid health and protective benefits for employees, partners, and other dependents
  • Generous paid Parental Leave
  • Free virtual coaching and counseling sessions through Ginger
  • Opportunities to learn about the Crypto industry
  • Free daily snacks in-office
  • Smart, entrepreneurial, and fun colleagues
  • Employee Resource Groups

*Benefits may vary depending on location.

Listed in: , , , , , , , , , , , , .