Senior Application Security Engineer

Who are we?

FalconX is a cutting-edge digital asset platform catering to institutions, offering a range of services including trade execution, credit & treasury management, prime offerings, and market making. With a global presence, top-notch technology, and deep liquidity, we have facilitated client transactions totaling $1 trillion in volume. Our suite of products and services adheres to regulations, complies with standards, and is known for its trustworthiness.

We are a collective of skilled engineers, product developers, institutional sales and trading experts, operations professionals, and business strategists. Our team members bring entrepreneurial backgrounds from prominent companies like Google, Apple, Paypal, Citadel, Bridgewater, and Goldman Sachs. Our values revolve around thinking big, achieving bold results, collaborating as one team, iterating swiftly, and embodying an entrepreneurial spirit.

Learning is a priority for us. While achieving outcomes is crucial, we strongly believe that continuous learning from both success and failure drives our ongoing success. In an industry that is ever-evolving, there is a plethora of experiments to engage in, enabling continuous growth and learning together.

Qualifications

• Seeking an experienced software security architect conversant with secure software development and possessing robust knowledge of DevSecOps architecture.
• Proficient in secure engineering best practices and adept at proposing solutions to both technical and non-technical stakeholders.
• Familiar with secure development best practices tailored to various programming languages and frameworks.
• Skilled in the security tooling landscape and equipped to implement security programs within organizations with complex application architecture.
• Demonstrates a growth mindset, continually striving for excellence, and focusing on continuous functional improvements.
• Displays a passion for cybersecurity evidenced through active participation or leadership in industry events like conferences, webinars, Capture the Flag (CTF) competitions, TryHackMe, Bug Bounty programs, submission of CVEs, or personal cybersecurity projects.
• Possesses a deep understanding of historical, current, and emerging security exploits.
• Holds a minimum of 8+ years of experience in software engineering, architecture, and software security.
• Boasts at least 5+ years of prior experience in software security initiatives and/or transformations.
• Proficient in OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), API Security Testing Tools, Automated Mobile Testing Tools, BSIMM, OpenSAMM, and Threat Modeling tools.
• Holds at least one security certification (e.g., CISSP, OSCP, GWEB, CEH, GRTP, or GWEB).
• Has experience with multiple languages such as Java, Rust, Python, and/or JavaScript.
• Familiar with identifying and prioritizing vulnerabilities in front-end, APIs, microservices, and containers.
• Knowledgeable about common build/automation tooling like Jenkins and GIT.

Responsibilities

• Offer subject matter expertise, strategic roadmaps, and reference architectures for application and product security.
• Provide thought leadership in areas of security tool automation, optimization, application vulnerability management, and risk reduction strategies.
• Design comprehensive architectural patterns for secure development standards encompassing front-end, APIs, and mobile.
• Develop and maintain application security policies, standards, and guidelines, ensuring adherence across projects.
• Implement strategies to automate software security vulnerability verification throughout the development lifecycle.
• Collaborate closely with cross-functional teams to identify application vulnerabilities, design secure application architectures, and integrate security measures into development processes.
• Design architecture for tool integrations and implement tooling within CI/CD pipelines to minimize manual testing and troubleshooting.
• Lead security engineer and software engineer training related to high-risk security vulnerabilities.
• Conduct product evaluations for security gaps through threat modeling and penetration testing.

Expected base pay for this role ranges from $164,000 to $215,000 USD, with additional forms of compensation available such as performance-based bonuses, equity, and a competitive benefits package. Actual compensation will be determined based on various factors like skill level, experience, and qualifications.

Inclusivity Statement

FalconX is fully dedicated to fostering a diverse, inclusive, equitable, and safe work environment for all individuals, embracing talent from diverse backgrounds. Applicants of all backgrounds are encouraged to apply for roles within our organization, regardless of not meeting all specified background requirements, skills, or experiences.

As part of our commitment to inclusivity, we understand the limited response options provided in the EEOC survey. While federal regulations require us to use certain language, we encourage you to provide responses that best align with your identity in the voluntary survey questions presented by FalconX.

FalconX is an equal opportunity employer and does not discriminate against individuals based on various legally protected characteristics. Applicants with disabilities may be entitled to reasonable accommodation as per the Americans with Disabilities Act and other applicable laws. Kindly reach out to FalconX’s People team at recruiting@falconx.io for support with the application process if needed.