Back to All Positions

Security Researcher

Full-time · Remote · Engineering

About Galoy

Galoy builds financial infrastructure on top of the Bitcoin network through open-source and Fair Source projects. Our products include Lana (bitcoin-backed lending), Cala (core accounting ledger), and Bria (payments bridge), plus the Blink wallet.

Responsibilities

  • Threat Modeling — Lead threat-modeling sessions for new features, design mitigations, and champion security-by-design across the engineering organization
  • Code Review — Perform manual and automated security analysis of Rust codebases; conduct vulnerability hunting and responsible disclosure
  • Cloud Infrastructure — Harden GCP/Azure/Kubernetes deployments; manage IAM, network segmentation, and secrets management
  • DevSecOps — Integrate SAST/DAST, secret-scanning, and dependency checks into CI/CD pipelines
  • Incident Response — Maintain detection rules, triage security alerts, and conduct post-mortems
  • Research & Evangelism — Track emerging exploits and share findings with upstream open-source projects
  • Mentorship — Guide engineers on secure coding practices across the organization
  • Open-Source Contribution — Publish security enhancements to community repositories

Required Qualifications

  • 5+ years application or cloud security experience with documented vulnerability discoveries
  • Rust fluency (or strong willingness to master it)
  • Bitcoin and Lightning protocol knowledge
  • Cloud-native expertise (AWS/GCP/Azure, Kubernetes, Terraform, CI/CD)
  • SAST/DAST, fuzzing, and CodeQL familiarity
  • Threat modeling and penetration testing capability
  • Strong written and verbal English communication
  • Proven ability to work in remote/async environments

Nice to Have

  • Spanish language proficiency
  • HSM, MPC wallet, or custody model experience
  • Startup adaptability mindset

Benefits

  • Work on cutting-edge Bitcoin-native technology
  • Contribute to open-source projects
  • Optional Bitcoin compensation
  • Remote-first, international team
  • Optional El Salvador relocation assistance with visa support

Interested in this role?

Send your CV and relevant security research to jobs@galoy.io

Apply Now