What are the responsibilities and job description for the Associate, Offensive Security Engineer position at Galaxy?
Who We Are
Galaxy is a global leader in digital assets and data center infrastructure, delivering solutions that accelerate progress in finance and artificial intelligence. We believe that blockchain and digital asset innovation will transform how value moves through the world – and we’re building the products and services to make that future a reality.
Our institutional digital assets platform spans trading, investment banking, asset management, staking, self-custody, and tokenization technology. We also invest in and operate cutting-edge data center infrastructure to power AI and high-performance computing, addressing the growing demand for scalable energy and compute in the U.S.
We work at the intersection of finance and technology, helping institutions, startups, and developers navigate a digitally native economy. Led by CEO and Founder Michael Novogratz, our team blends deep crypto expertise with institutional experience and a shared commitment to shaping the future of Web3 and AI.
Galaxy is headquartered in New York City, with offices across North America, Europe, the Middle East, and Asia.
To learn more about our businesses and products, visit www.galaxy.com.
What We Value
We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
The Offensive Security team is looking for an Offensive Security Engineer to perform internal testing of Galaxy Digital’s products and infrastructure. The assets to be tested will span the gamut – from traditional web applications to smart contracts. The engineer will use creative adversarial techniques to uncover and report vulnerabilities to provide full clarity to all relevant teams and stakeholders. The engineer will provide guidance and hands-on help to technology peers to remediate the issues.
Our team objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The type of products built by Galaxy are client facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.
As a member of the broader security team, the OffSec engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.
We are looking for a driven professional, with great communication and organization skills.
What You’ll Do
The base salary ranges included below will be commensurate with candidate experience, expertise and local market. Final offer amounts are determined by multiple factors, including candidate experience and expertise. At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.
Base Salary Range
$145,000 - $160,000 USD
Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.
We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact careers@galaxy.com.
Galaxy is a global leader in digital assets and data center infrastructure, delivering solutions that accelerate progress in finance and artificial intelligence. We believe that blockchain and digital asset innovation will transform how value moves through the world – and we’re building the products and services to make that future a reality.
Our institutional digital assets platform spans trading, investment banking, asset management, staking, self-custody, and tokenization technology. We also invest in and operate cutting-edge data center infrastructure to power AI and high-performance computing, addressing the growing demand for scalable energy and compute in the U.S.
We work at the intersection of finance and technology, helping institutions, startups, and developers navigate a digitally native economy. Led by CEO and Founder Michael Novogratz, our team blends deep crypto expertise with institutional experience and a shared commitment to shaping the future of Web3 and AI.
Galaxy is headquartered in New York City, with offices across North America, Europe, the Middle East, and Asia.
To learn more about our businesses and products, visit www.galaxy.com.
What We Value
We are a diverse team of free thinkers, and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
- Seek Excellence.
- Be Selective To Be Effective.
- Be Highly Aligned, Loosely Coupled.
- Disagree Transparently.
- Encourage Independent Decision-Making.
- Build Dream Teams.
The Offensive Security team is looking for an Offensive Security Engineer to perform internal testing of Galaxy Digital’s products and infrastructure. The assets to be tested will span the gamut – from traditional web applications to smart contracts. The engineer will use creative adversarial techniques to uncover and report vulnerabilities to provide full clarity to all relevant teams and stakeholders. The engineer will provide guidance and hands-on help to technology peers to remediate the issues.
Our team objective is to ensure a secure-by-design approach to all product development and operations, and we seek a strong testing practice as the final assurance that controls are implemented properly. The type of products built by Galaxy are client facing and internal Web/APIs, blockchain applications, data lakes and integration of advanced trading architectures.
As a member of the broader security team, the OffSec engineer will be in a unique position, working closely with the software engineering, SRE, and security operations teams.
We are looking for a driven professional, with great communication and organization skills.
What You’ll Do
- Plan testing activities and documenting Rules of Engagement, Scope, and Deliverables
- Utilize internal documentation and codebases to assist in discovery of shadow assets and vulnerabilities
- Perform security-focused code reviews of codebases in a variety of languages
- Perform adversarial tests in an ethical manner using manual and automated techniques, creating a repository of methods and scripts that will be augmented regularly
- Provide deliverables in the form of written reports and/or tickets
- Recommend and implement off-the shelf and specialized testing tools for the firm
- Develop an extensive knowledge of the technical architecture and business functionality of Galaxy products
- Engage with vendors to help shape our Agile Pentesting Program
- Provide guidance to development and SRE teams on the mitigation of vulnerabilities
- Advocate of security testing to software engineering and product teams, and help them develop a mindset of thinking about adverse scenarios and how a system can be subverted
- Stay informed of the latest developments in adversarial tactics and techniques - especially in financial and digital asset space - and adapt the strategy or tooling to address new threats
- Security certification in cybersecurity testing (OSWE/OSCP/OSWA/eWPTX/BSCP or equivalent)
- Bachelor or post-graduate diploma in any field
- 3 years experience in security research and penetration testing
- Strong Background in blockchain technologies and/or cryptocurrency
- Programming and scripting language experience; Java, C , Python, or similar languages
- Attention to detail, to be able to plan and execute tests on a wide range of applications
- Excellent communication skills and the ability to collaborate effectively with cross-functional teams
- Ability to think creatively and strategically to identify flaws and vulnerabilities
- Experience with automated security testing such as DAST, SAST, SCA
- Knowledge of Financial Products and their relationship to Crypto
- Familiarity with multi-participant approvals such as MPC and multi-signature
- Competitive base salary and discretionary bonus
- Flexible Time Off (i.e. unlimited paid vacation days)
- Company paid Holidays (11)
- Company paid sick leave
- Company-paid health and protective benefits for employees, partners, and other dependents
- 3% 401(k) company contribution
- Generous paid Parental Leave
- Free virtual coaching and counseling sessions through Headspace
- Opportunities to learn about the Crypto industry
- Smart, entrepreneurial, and fun colleagues
- Employee Resource Groups
The base salary ranges included below will be commensurate with candidate experience, expertise and local market. Final offer amounts are determined by multiple factors, including candidate experience and expertise. At Galaxy, we maintain a total compensation philosophy which consists of a competitive base salary, annual bonus, and equity incentives.
Base Salary Range
$145,000 - $160,000 USD
Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.
We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact careers@galaxy.com.
Salary : $145,000 - $160,000
