VP, Security Architecture

Galaxy Digital Services

New York, NY or Remote


About You

Galaxy is seeking a VP, Security Architecture to lead the overall secure software development lifecycle (S-SDLC) from inception to delivery.
We’re looking for a senior expert in security architecture to work closely with our product, infrastructure, and engineering teams to design and deliver secure software solutions at a rapidly growing company.

On a given day at Galaxy, you will:

  • Champion security throughout the software lifecycle from concept and definition through design and implementation to deployment and ongoing operations
  • Work with stakeholders to formulate and implement a strategy for software security tailored to the specific risks facing the application, software, and environment
  • Assist peer teams in assessing the security of the applications, software, and operational components including:
    • Participate in relevant design and code reviews
    • Assist with development and review of test plans to ensure effective security coverage
    • Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies
    • Provide expertise and advice on cloud application and infrastructure security design patterns
    • Assist with implementation and integration of tools and processes for security testing including Static & Dynamic Analysis (SAST/DAST), Vulnerability Information Feeds, and other security automation
  • Provide training and thought leadership for secure software development practices
  • Be a subject matter expert for security patterns for cloud-based applications and services

You’ve worked hard for:

  • 7+ years’ experience in cybersecurity, software engineering, computer science with a focus on security, or related field
  • Bachelor’s degree in cybersecurity, software engineering, computer science, or related field
  • Certifications in Application Security or Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged
  • Proficient to expert technical skills in several of the following:
    • One or more development languages: C/C++, Java, JavaScript, or Python
    • Application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc
    • IP networking, firewalls, network security rules, etc
    • Cloud computing technologies (AWS, GCP) and delivery patterns (PaaS, IaaS, serverless, etc)
    • Common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25
    • Agile fundamentals like Test Driven Development, backlog management, and user stories
    • Continuous Integration/Testing/Delivery tools and techniques and agile development methodologies including TDD/XP/Scrum/Kanban
  • Understanding of and experience with privacy concepts, including privacy by design, GDPR, PIAs, and personal data handling, and with security profile standards like CIS Benchmarks and DISA STIGs
  • Self-starter with strong business acumen
  • Ability to work independently and with application development, quality assurance, DevSecOps, and peer security teams
  • Excellent verbal and written presentation skills with a proficiency in English