Summary

Who is on the team?

We are entrepreneurs. Many in our company have been founders or have aspirations to eventually start their own company. We take these ambitions and experiences to bring a solutions-oriented mindset to the problems we encounter day-to-day. 

We are experienced. We have been fortunate to have learned from mentors and peers at institutions such as Google, LinkedIn, JUMP Trading, Citadel, PEAK6 Investments, Goldman Sachs, JP Morgan, Harvard Business School, Carnegie Mellon, IIT, IIM +more. 

The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, you’ll dive deeply into these product lines and provide guidance as well as implementation when needed.

Responsibilities

1. Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements;
2. Interface with the rest of Engineering on the security of Falconx’s software products (Cryptocurrency; High Frequency Trading; AI systems). You’ll provide guidance / recommendations / and drive the Engineers to implement your recommendations.  
3. Review and provide eng-design / architectural guidance for application systems
4. Occasional Vulnerability Management
5. Occasional Pentesting
6. Educate and Train Engineers on Application Security fundamentals
7. Execute and improve security reviews and consulting processes with runbooks and automation.

Knowledge, Skills & Abilities

1. Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX.
2. Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development 
3. Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM
4. Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. 
5. Technical Project Management
6. Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC
7. Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision.
8. Vulnerability management, incident response

Qualifications

1. Minimum of 4 years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc
2. Minimum of 4 years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant
3. Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers
4. Exceptional written and verbal communication skills
5. Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems

Base pay for this role is expected to be between $176,000 - $242,000 USD for New York City and San Francisco Bay Area. This expected base pay range is based on information at the time this post was generated. This role will also be eligible for other forms of compensation such as a performance linked bonus, equity, and a competitive benefits package. Actual compensation for a successful candidate will be determined based on a number of factors such as location, skillset, experience, and qualifications.

Skills

• App Development
• Communications Skills
• Development
• Python
• Software Engineering
• Team Collaboration