Senior Product Security Engineer

Job Description

Who are we? FalconX is a pioneering team of operators, investors, and builders committed to revolutionising institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape. Who is on the team? We are entrepreneurs. Many in our company have been founders or have aspirations to eventually start their own company. We take these ambitions and experiences to bring a solutions-oriented mindset to the problems we encounter day-to-day. We have been fortunate to have learned from mentors and peers at institutions such as Google, LinkedIn, JUMP Trading, Citadel, PEAK6 Investments, Goldman Sachs, JP Morgan, Harvard Business School, Carnegie Mellon, IIT, IIM +more. The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, youll dive deeply into these product lines and provide guidance as well as implementation when needed. Responsibilities : Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements; Interface with the rest of Engineering on the security of Falconxs software products (Cryptocurrency; High Frequency Trading; AI systems). Youll provide guidance / recommendations / and drive the Engineers to implement your recommendations. Review and provide eng-design / architectural guidance for application systems Occasional Vulnerability Management Occasional Pentesting Educate and Train Engineers on Application Security fundamentals Execute and improve security reviews and consulting processes with runbooks and automation. Knowledge, Skills & Abilities : Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX. Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. Technical Project Management Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision. Vulnerability management, incident response Qualifications : Minimum of 6+ years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc Minimum of 6+ years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers Exceptional written and verbal communication skills Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems