Senior Security Engineer (Product Security)

Who are we?

FalconX is a pioneering team of operators, investors, and builders committed to revolutionizing institutional access to the crypto markets. Operating at the intersection of traditional finance and 
cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-
evolving cryptocurrency landscape.

Senior Security Engineer (Product Security) - SF

Who are we?

FalconX is one of the fastest-growing startups in FinTech. We are redefining prime brokerage from the ground up. We are building the world’s smartest institutional brokerage for digital assets 

We are backed by some of the best investors in the world including Accel Partner, Tiger Global, American Express, Fidelity, Coinbase, Lightspeed Venture Partners, Altimeter Capital, Mirae Asset, BCapital + more yet to be publicly disclosed. 

We deliver institutional digital asset traders best-in-class trading, credit, custody and structured products. We trade, lend and secure tens of billions of dollars monthly, are highly profitable, and growing fast.

We are data-driven. Whether it's a growth or product decision, we believe data can always help us make more precise and informed choices.

We move fast. Speed of execution is essential for any startup, but we believe this is even more pertinent in our 24/7 industry.

We prioritize learning. Outcomes are mission-critical, but we also believe that learning in success and in failure will drive our continued success. Our industry is emergent - there’s no shortage of experiments to get involved with and to continue growing and learning together.

FalconX has offices in San Mateo, Bangalore, Chicago and New York.

Who is on the team?

We are entrepreneurs. Many in our company have been founders or have aspirations to eventually start their own company. We take these ambitions and experiences to bring a solutions-oriented mindset to the problems we encounter day-to-day. 

We are experienced. We have been fortunate to have learned from mentors and peers at institutions such as Google, LinkedIn, JUMP Trading, Citadel, PEAK6 Investments, Goldman Sachs, JP Morgan, Harvard Business School, Carnegie Mellon, IIT, IIM +more. 

The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems.  In this role, you’ll dive deeply into these product lines and provide guidance as well as implementation when needed.

Responsibilities

• Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements;
• Interface with the rest of Engineering on the security of Falconx’s software products (Cryptocurrency; High Frequency Trading; AI systems). You’ll provide guidance / recommendations / and drive the Engineers to implement your recommendations.  
• Review and provide eng-design / architectural guidance for application systems
• Occasional Vulnerability Management
• Occasional Pentesting
• Educate and Train Engineers on Application Security fundamentals
• Execute and improve security reviews and consulting processes with runbooks and automation.

Knowledge, Skills & Abilities

• Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX.
• Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development 
• Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM
• Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. 
• Technical Project Management
• Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC
• Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision.

• Vulnerability management, incident response

Qualifications

• Minimum of 4 years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc
• Minimum of 4 years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant
• Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers
• Exceptional written and verbal communication skills
• Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems

Base pay for this role is expected to be between $171,500 - $246,500 USD for New York City and San Francisco Bay Area. This expected base pay range is based on information at the time this post was generated. This role will also be eligible for other forms of compensation such as a performance linked bonus, equity, and a competitive benefits package. Actual compensation for a successful candidate will be determined based on a number of factors such as location, skillset, experience, and qualifications.

Notice at Collection and Privacy Policy

Applicants located in California and/or applying to a role based in California, please refer to our Notice at Collection and Privacy Policy here.

Inclusivity Statement

FalconX is committed to building a diverse, inclusive, equitable, and safe workspace for all people. Our roles are intended for people from all walks of life. We encourage all those interested in applying to our organization to submit an application regardless if you are missing some of the listed background requirements, skills, or experiences!

As part of our commitment to inclusivity, FalconX would like to acknowledge that the EEOC survey has limited potential responses that you can select. For legal reasons, FalconX must use this language to align with federal requirements, however, we want to ensure that you are able to provide a response to our own voluntary survey questions about your identity that best aligns with your most true self.

FalconX is an equal opportunity employer and will not discriminate against an applicant or employee based on race, color, religion, national origin, ancestry, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, veteran or military status, genetic information, citizenship, or any other legally-recognized protected basis under federal, state, or local law.

Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and other applicable state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on FalconX. Please inform FalconX’s People team at recruiting@falconx.io, if you need assistance with participating in the application process.