Who We Are:
Galaxy is a global leader in digital assets and data center infrastructure, delivering solutions that accelerate progress in finance and artificial intelligence. We believe that blockchain and digital asset innovation will transform how value moves through the world – and we’re building the products and services to make that future a reality.
Our institutional digital assets platform spans trading, investment banking, asset management, staking, self-custody, and tokenization technology. We also invest in and operate cutting-edge data center infrastructure to power AI and high-performance computing, addressing the growing demand for scalable energy and compute in the U.S.
We work at the intersection of finance and technology, helping institutions, startups, and developers navigate a digitally native economy. Led by CEO and Founder Michael Novogratz, our team blends deep crypto expertise with institutional experience and a shared commitment to shaping the future of Web3 and AI.
Galaxy is headquartered in New York City, with offices across North America, Europe, the Middle East, and Asia.
To learn more about our businesses and products, visit www.galaxy.com.
What We Value:
We are a diverse team of free thinkers and fast movers, united to help investors and creators energize the global economy. We are looking for individuals who thrive in a culture of builders and overachievers and who embrace high performance, transparent feedback, and a mission-first approach. Our culture shapes our way of working and gets us where we want to be.
- Seek Excellence.
- Be Selective To Be Effective.
- Be Highly Aligned, Loosely Coupled.
- Disagree Transparently.
- Encourage Independent Decision-Making.
- Build Dream Teams.
Who You Are:
We are seeking a Security Engineer to join our Security Operations Center (SOC) team. This role will focus on developing, maintaining, and optimizing detection use cases, threat hunting queries, and response automation within our SOC environment. The SOC Security Engineer will play a critical role in enhancing our detection and response capabilities, ensuring we stay ahead of emerging threats and continuously strengthen our security posture.
What You'll Do:
- Detection Engineering:
  - Develop, test, and tune detection rules, signatures, and alerts across SIEM, EDR, IDS/IPS, and other monitoring platforms.
  - Continuously optimize existing detection logic to reduce false positives and improve detection accuracy.
- Threat Hunting & Analysis:
  - Create advanced queries, dashboards, and hunting content to proactively identify anomalous activity.
  - Collaborate with SOC analysts to validate findings and enrich detection capabilities.
- Incident Response Support:
  - Provide content and playbooks to accelerate incident triage and response.
  - Automate repeatable SOC processes and workflows using SOAR platforms.
- Threat Intelligence Integration:
  - Leverage internal and external threat intelligence to inform detection engineering.
  - Develop indicators and rules to detect tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK framework.
- Collaboration & Enablement:
  - Partner with SOC analysts, threat hunters, and red teams to ensure detection coverage for key attack vectors.
  - Document and maintain detection content, response playbooks, and knowledge bases.
What We're Looking For:
- 3+ years of experience in a SOC, detection engineering, or threat hunting role.
- Hands-on experience with SIEM platforms (e.g., Splunk, Elastic, QRadar, Azure Sentinel).
- Proficiency in query languages such as Splunk SPL, KQL, SQL, or Elastic Query DSL.
- Familiarity with endpoint detection tools (EDR), IDS/IPS, and cloud security monitoring solutions.
- Strong understanding of MITRE ATT&CK, cyber kill chain, and threat detection methodologies.
- Scripting experience (Python, PowerShell, or Bash) for automation and content development.
- Strong analytical and problem-solving skills.
- Ability to communicate complex technical findings clearly to both technical and non-technical stakeholders.
- Collaborative mindset with a passion for knowledge sharing and continuous improvement.
Bonus Points:
- Experience with SOAR platforms (e.g., Phantom, Demisto/XSOAR, Tines).
- Background in reverse engineering or malware analysis.
- Security certifications such as GCIA, GCIH, GCDA, GCFA, OSCP, or Splunk Certified Engineer.
- Cloud security experience (AWS, Azure, or GCP).
Galaxy respects diversity and seeks to provide equal employment opportunities to all employees and job applicants for employment without regard to actual or perceived age, race, color, creed, religion, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital or partnership or caregiver status, ancestry, national origin, citizenship status, disability, military or veteran status, protected medical condition as defined by applicable state or local law, genetic information or predisposing genetic characteristic, or other characteristic protected by applicable federal, state, or local laws and ordinances.
We will endeavor to make a reasonable accommodation to the known limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete the application process or to participate in an interview, please contact careers@galaxy.com.