Senior Security Engineer (Product Security)

Senior Security Engineer (Product Security) Who are we? FalconX is a pioneering team of operators, investors, and builders committed to revolutionizing institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape. FalconX is one of the fastest-growing startups in FinTech. We are redefining prime brokerage from the ground up. We are building the world's smartest institutional brokerage for digital assets. We are backed by some of the best investors in the world including Accel Partner, Tiger Global, American Express, Fidelity, Coinbase, Lightspeed Venture Partners, Altimeter Capital, Mirae Asset, BCapital + more yet to be publicly disclosed. We deliver institutional digital asset traders best-in-class trading, credit, custody and structured products. We trade, lend and secure tens of billions of dollars monthly, are highly profitable, and growing fast. We are data-driven. Whether it's a growth or product decision, we believe data can always help us make more precise and informed choices. We move fast. Speed of execution is essential for any startup, but we believe this is even more pertinent in our 24/7 industry. We prioritize learning. Outcomes are mission-critical, but we also believe that learning in success and in failure will drive our continued success. Our industry is emergent - there's no shortage of experiments to get involved with and to continue growing and learning together. FalconX has offices in San Mateo, Bangalore, Chicago and New York. Responsibilities Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements; Interface with the rest of Engineering on the security of FalconX's software products (Cryptocurrency; High Frequency Trading; AI systems). You'll provide guidance / recommendations / and drive the Engineers to implement your recommendations. Review and provide eng-design / architectural guidance for application systems Occasional Vulnerability Management Educate and Train Engineers on Application Security fundamentals Execute and improve security reviews and consulting processes with runbooks and automation. Knowledge, Skills & Abilities Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX. Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. Technical Project Management Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision. Vulnerability management, incident response Qualifications Minimum of 4 years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc Minimum of 4 years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers Exceptional written and verbal communication skills Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems Base pay for this role is expected to be between $171,500 - $246,500 USD for New York City and San Francisco Bay Area. This expected base pay range is based on information at the time this post was generated. This role will also be eligible for other forms of compensation such as a performance linked bonus, equity, and a competitive benefits package. Actual compensation for a successful candidate will be determined based on a number of factors such as location, skillset, experience, and qualifications. Inclusivity Statement FalconX is committed to building a diverse, inclusive, equitable, and safe workspace for all people. Our roles are intended for people from all walks of life. We encourage all those interested in applying to our organization to submit an application regardless if you are missing some of the listed background requirements, skills, or experiences! FalconX is an equal opportunity employer and will not discriminate against an applicant or employee based on race, color, religion, national origin, ancestry, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, veteran or military status, genetic information, citizenship, or any other legally-recognized protected basis under federal, state, or local law. #J-18808-Ljbffr

Created: 2025-02-23