Who are we?

FalconX is a pioneering team of operators, investors, and builders committed to revolutionizing institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever- evolving cryptocurrency landscape.

The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, you’ll dive deeply into these product lines and provide guidance as well as implementation when needed.

Responsibilities

• Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements;
• Interface with the rest of Engineering on the security of Falconx’s software products (Cryptocurrency; High Frequency Trading; AI systems). You’ll provide guidance / recommendations / and drive the Engineers to implement your recommendations.
• Review and provide eng-design / architectural guidance for application systems
• Occasional Vulnerability Management
• Occasional Pentesting
• Educate and Train Engineers on Application Security fundamentals
• Execute and improve security reviews and consulting processes with runbooks and automation.

Knowledge, Skills & Abilities

• Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX.
• Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development
• Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM
• Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering.
• Technical Project Management
• Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC
• Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision.
• Vulnerability management, incident response

Qualifications

• Minimum of 6-13 years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc
• Minimum of 6+ years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant
• Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers
• Exceptional written and verbal communication skills
• Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems