VP, Security Architecture

  • Applications have closed

Galaxy Digital Services

New York, NY or Remote


About You

Galaxy is seeking a VP, Security Architecture to lead the overall secure software development lifecycle (S-SDLC) from inception to delivery. We’re looking for a senior expert in security architecture to work closely with our product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.

On a given day at Galaxy, you will:

  • Champion security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations.
  • Work with stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the application, software, and environment.
  • Assist peer teams in assessing the security of the applications, software, and operational components including:
    • Participate in relevant design and code reviews.
    • Assist with development and review of test plans to ensure effective security coverage.
    • Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
    • Provide expertise and advice on cloud application and infrastructure security design patterns.
    • Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation.
  • Provide training and thought leadership for secure software development practices.
  • Be a subject matter expert for security patterns for cloud-based applications and services.

You’ve worked hard for:

  • 7+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field.
  • Bachelor’s degree in cybersecurity, software engineering, computer science, or related field.
  • Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
  • Proficient to expert technical skills in several of the following:
    • One or more development languages: C/C++, Java, JavaScript, or Python.
    • Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
    • IP networking, firewalls, network security rules, etc.
    • Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc.).
    • Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
    • Agile fundamentals like Test Driven Development, backlog management, and user stories.
    • Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban.
  • Understanding of and experience with privacy concepts, including privacy by design, GDPR, PIAs, and personal data handling, as well as security profile standards like CIS Benchmarks and DISA STIGs.
  • Self-starter with strong business acumen.
  • Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams.
  • Excellent verbal and written presentation skills with a proficiency in English.