Vice President, Offensive Security Engineer

Galaxy Digital, New York City, NY

Job Description

Who You Are:

The Offensive Security team is looking for an Offensive Security Engineer to perform internal testing of Galaxy Digital's products and infrastructure. The assets to be tested will span the gamut - from traditional web applications to smart contracts. The engineer will use creative adversarial techniques to uncover and report vulnerabilities to provide full clarity to all relevant teams and stakeholders. The engineer will provide guidance and hands-on help to technology peers to remediate the issues.

Our team objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The types of products built by Galaxy are client-facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.

As a member of the broader security team, the OffSec engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.

We are looking for a driven professional, with great communication and organization skills.

What You'll Do:

  • Plan testing activities and document Rules of Engagement, Scope, and Deliverables
  • Utilize internal documentation and codebases to assist in discovery of shadow assets and vulnerabilities
  • Perform security-focused code reviews of codebases in a variety of languages
  • Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly
  • Provide deliverables in the form of written reports and/or tickets
  • Recommend and implement off-the-shelf and specialized testing tools for the firm
  • Develop an extensive knowledge of the technical architecture and business functionality of Galaxy products
  • Engage with vendors to help shape our Agile Pentesting Program
  • Provide guidance to development and SRE teams on the mitigation of vulnerabilities
  • Advocate for security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
  • Stay informed of the latest developments in adversarial tactics and techniques - especially in the financial and digital asset space - and adapt the strategy or tooling to address new threats

What We're Looking For:

  • Security certification in cybersecurity testing (OSWE/OSCP/OSWA/eWPTX/BSCP or equivalent)
  • Bachelor's or post-graduate diploma in any field
  • 7+ years of experience in security research and penetration testing
  • Strong background in blockchain technologies and/or cryptocurrency
  • Programming and scripting language experience: Java, C++, Python, or similar languages
  • Attention to detail, to be able to plan and execute tests on a wide range of applications
  • Excellent communication skills and the ability to collaborate effectively with cross-functional teams
  • Ability to think creatively and strategically to identify flaws and vulnerabilities
  • Experience with automated security testing such as DAST, SAST, SCA

Bonus Points:

  • Knowledge of Financial Products and their relationship to Crypto
  • Familiarity with multi-participant approvals such as MPC and multi-signature

What We Offer:

  • Competitive base salary and discretionary bonus
  • Flexible Time Off (i.e. unlimited paid vacation days)
  • Company-paid holidays (11)
  • Company-paid sick leave
  • Company-paid health and protective benefits for employees, partners, and other dependents
  • 3% 401(k) company contribution
  • Generous paid Parental Leave
  • Free virtual coaching and counseling sessions through Headspace
  • Opportunities to learn about the Crypto industry
  • Smart, entrepreneurial, and fun colleagues
  • Employee Resource Groups

Apply now and join us on our mission to engineer a new economic paradigm.
