Who are we
FalconX is a pioneering team of operators, investors, and builders committed to revolutionizing institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape.
Everyone on the team you would report to has a technical background in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, you'll dive deeply into these product lines and provide guidance as well as implementation when needed.
Responsibilities
- Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements.
- Interface with the rest of Engineering on the security of FalconX's software products (Cryptocurrency; High-Frequency Trading; AI systems). You'll provide guidance and recommendations, and drive the Engineers to implement your recommendations.
- Review and provide eng-design / architectural guidance for application systems
- Occasional Vulnerability Management
- Occasional Pentesting
- Educate and Train Engineers on Application Security fundamentals
- Execute and improve security reviews and consulting processes with runbooks and automation.
Knowledge, Skills & Abilities
- Strong software engineering skills in Python, Golang or Ruby. You have a history of writing production-grade code and can comfortably interact with SWEs throughout FalconX.
- Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading systems, or AI development
- Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of an SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc.), OWASP Top Ten, BSIMM / OpenSAMM
- Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering.
- Technical Project Management
- Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC
- Ability to collaborate with internal and external stakeholders while prioritizing tasks and working independently under minimal supervision.
- Vulnerability management, incident response
Qualifications
- Minimum of 6-13 years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc.
- Minimum of 6+ years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant
- Practical experience performing detailed application-layer risk assessments, performing secure code reviews, and doing eng-design reviews with Engineers
- Exceptional written and verbal communication skills
- Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems