Associate, Offensive Security Engineer

Perform internal testing of Galaxy Digital’s products and infrastructure, utilizing creative adversarial techniques to uncover and report vulnerabilities. Provide guidance to technology peers on remediation.

Overview

Department

Job type

Full time

Compensation

$145,000 - $160,000 per year

Location

New York, United States, North America

Resume Assistance

See how well your resume matches this job role with our AI-powered score. By uploading your resume, you agree to our Terms of Service

Click to upload

or drag and drop

pdf, doc, or docx (max. 10MB)

Ready to apply?

You're one step away - it takes less than a minute to upload your resume

Requirements

Security certification in cybersecurity testing (OSWE/OSCP/OSWA/eWPTX/BSCP or equivalent)

Bachelor or post-graduate diploma in any field

3+ years experience in security research and penetration testing

Strong Background in blockchain technologies and/or cryptocurrency

Programming and scripting language experience; Java, C++, Python, or similar languages

Attention to detail, to be able to plan and execute tests on a wide range of applications

Excellent communication skills and the ability to collaborate effectively with cross-functional teams

Ability to think creatively and strategically to identify flaws and vulnerabilities

Experience with automated security testing such as DAST, SAST, SCA

Responsibilities

Plan testing activities and documenting Rules of Engagement, Scope, and Deliverables

Utilize internal documentation and codebases to assist in discovery of shadow assets and vulnerabilities

Perform security-focused code reviews of codebases in a variety of languages

Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly

Provide deliverables in the form of written reports and/or tickets

Recommend and implement off-the shelf and specialized testing tools for the firm

Develop an extensive knowledge of the technical architecture and business functionality of Galaxy products

Engage with vendors to help shape our Agile Pentesting Program

Provide guidance to development and SRE teams on the mitigation of vulnerabilities

Advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted

Stay informed of the latest developments in adversarial tactics and techniques - especially in financial and digital asset space - and adapt the strategy or tooling to address new threats

Benefits

Competitive base salary and discretionary bonus

Flexible Time Off (i.e. unlimited paid vacation days)

Company paid Holidays (11)

Company paid sick leave

Company-paid health and protective benefits for employees, partners, and other dependents

3% 401(k) company contribution

Generous paid Parental Leave

Free virtual coaching and counseling sessions through Headspace

Opportunities to learn about the Crypto industry

Smart, entrepreneurial, and fun colleagues

Employee Resource Groups