About You
Galaxy is seeking a VP, Security Architecture to lead the overall secure software development lifecycle (S-SDLC) from inception to delivery. We’re looking for a senior expert in security architecture to work closely with our product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.
On a given day at Galaxy, you will:
- Champion security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations.
- Work with stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the application, software, and environment.
- Assist peer teams in assessing the security of the applications, software, and operational components including:
  - Participate in relevant design and code reviews.
  - Assist with development and review of test plans to ensure effective security coverage.
  - Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
- Provide expertise and advice on cloud application and infrastructure security design patterns.
- Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation.
- Provide training and thought leadership for secure software development practices.
- Be a subject matter expert for security patterns for cloud-based applications and services.
You’ve worked hard for:
- 7+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field.
- Bachelor’s degree in cybersecurity, software engineering, computer science, or related field.
- Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
- Proficient to expert technical skills in several of the following:
  - One or more development languages: C/C++, Java, JavaScript, or Python.
  - Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
  - IP networking, firewalls, network security rules, etc.
  - Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc).
  - Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25.
  - Agile fundamentals like Test Driven Development, backlog management, and user stories.
  - Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban.
  - Understanding and experience with privacy concepts including privacy by design, GDPR, PIAs, and personal data handling, and with security profile standards like CIS Benchmarks and DISA STIGs.
- Self-starter with strong business acumen.
- Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams.
- Excellent verbal and written presentation skills with a proficiency in English.