Galaxy FinX is looking for a Principal Security Engineer who has deep and broad experience in application and infrastructure security and a solid understanding of how a fast-growing company can accelerate its speed of growth, while maintaining a secure posture.
The Principal Security Engineer will work in close partnership with Product, Engineering and other functions to ensure security is embedded into everything we build. We value continuous delivery and automation of security controls and aim to embed security into all practices.
● Partner with Product & Engineering teams to identify cyber attack risks in the system and define tactical and strategic mitigation plans
● Conduct complete security lifecycle architecture and technical assessments, including but not limited to design requirements assessment, threat modelling, and risk assessment
● Build and champion a standardized set of security requirements and design patterns for internal systems and product offerings.
● Maintain SLAs by watching for new vulnerabilities, monitoring existing vulnerabilities, and working on false positives and detection logic changes.
● Actively participate in the company's Software Development Lifecycle (SDLC).
● Monitor current and proposed laws, regulations, industry standards and ethical requirements related to privacy and information security.
● Influence the security strategy and roadmap by leveraging the collective strength of the security team and articulating the capabilities needed to effectively manage cyber-attack risk.
● Drive the Security QBR in partnership with Product & Engineering.
● Represent the company within the security community and with customers on topics related to the security of the company's products and services.
● 3+ years in a senior security leadership role.
● 6+ years' experience working in a security-focused role in the technology industry or another technology-heavy industry (e.g. Financial Services).
● Superb communication and interpersonal skills.
● Consistent track record of designing and integrating security controls in cloud-based architectures.
● Significant experience conducting threat modelling and risk assessments of cloud services, demonstrating a clear ability to identify unique vulnerabilities.
● Expert-level knowledge at all layers of the information security stack, with hands-on security engineering experience on AWS, GCP, TFE, Azure, Kubernetes, etc.
● Prior experience working with engineering teams on the design and implementation of best practices for security as code.
● A "First-Time-Right" and "Secure-By-Default" mindset.
● Working knowledge of the MITRE ATT&CK, NIST CSF, and CIS Critical Controls frameworks.
● Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certification preferred.
● BS or MS in Computer Science, Information Systems, Engineering or a related field.