Associate Security Engineer, Vulnerability Management

Who We Are

Galaxy is a global leader in digital assets and data center infrastructure, delivering solutions that accelerate progress in finance and artificial intelligence. We believe that blockchain and digital asset innovation will transform how value moves through the world – and we’re building the products and services to make that future a reality. Our institutional digital assets platform spans trading, investment banking, asset management, staking, self-custody, and tokenization technology. We also invest in and operate cutting-edge data center infrastructure to power AI and high-performance computing, addressing the growing demand for scalable energy and compute in the U.S. We work at the intersection of finance and technology, helping institutions, startups, and developers navigate a digitally native economy. Led by CEO and Founder Michael Novogratz, our team blends deep crypto expertise with institutional experience and a shared commitment to shaping the future of Web3 and AI. Galaxy is headquartered in New York City, with offices across North America, Europe, the Middle East, and Asia. To learn more about our businesses and products, visit www.galaxy.com.

What We Value

We are a diverse team of free thinkers and fast movers united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.

• Seek Excellence.
• Be Selective To Be Effective.
• Be Highly Aligned, Loosely Coupled.
• Disagree Transparently.
• Encourage Independent Decision-Making.
• Build Dream Teams.

Who You Are

Galaxy is seeking an Associate Security Engineer, Vulnerability Management to administer application security tooling and help drive the vulnerability management program. You’ll join a collaborative team of product and offensive security engineers who tackle complex technical challenges and align closely with Galaxy's business objectives. This role reports directly to the Director of Product Security and interfaces closely with Engineering, DevOps, and Infrastructure teams.

What You’ll Do

• Administer application security tooling: manage and configure to reduce false positives and enhance accuracy.
• Provide comprehensive support and documentation of security tooling to encourage adoption among engineering teams.
• Develop dashboards and KPIs to clearly visualize security activities, vulnerabilities, and cybersecurity risks for individual departments or teams.
• Aggregate and analyze data from vulnerability management and asset inventory systems.
• Support the vulnerability management program by ensuring technology teams adhere to SLAs for vulnerability triage and remediation.
• Track and report on vulnerability remediation progress across infrastructure and application environments.
• Coordinate with engineering teams to validate, assign, and prioritize vulnerabilities based on risk and asset criticality.
• Leverage AI-driven tools for efficient data analysis and qualitative risk assessment.
• Assist in security assessments and proactively suggest improvements related to tooling and risk insights.

What We’re Looking For

• Bachelor or post-graduate diploma in cybersecurity or technology
• 4+ years of work experience in cybersecurity, software development, or security operations
• Proficiency in scripting or object programming languages
• Familiarity with application security and vulnerability management practices
• Strong analytical skills, detail-oriented, proactive, and capable of independent problem-solving
• Very good verbal and written communication skills, collaborative and solution-driven
• Security or cloud certifications

What We Offer

• Competitive base salary and discretionary bonus
• Flexible Time Off (i.e. unlimited paid vacation days)
• Company paid Holidays (11)
• Company paid sick leave
• Company-paid health and protective benefits for employees, partners, and other dependents
• 3% 401(k) company contribution
• Generous paid Parental Leave
• Free virtual coaching and counseling sessions through Headspace
• Opportunities to learn about the Crypto industry
• Free daily snacks in-office
• Smart, entrepreneurial, and fun colleagues
• Employee Resource Groups

Key skills/competency

• Vulnerability Management
• Application Security
• Cybersecurity
• Scripting Languages
• Risk Assessment
• Data Analysis
• DevOps
• Infrastructure Security
• SLA Adherence
• AI Tools