Principal Security Engineer, Threat and Vulnerability Management

Circle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data — globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up previously unimaginable possibilities for payments, commerce and markets that can help raise global economic prosperity and enhance inclusion. Our infrastructure – including USDC, a blockchain-based dollar – helps businesses, institutions and developers harness these breakthroughs and capitalize on this major turning point in the evolution of money and technology.

What you’ll be part of:

Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: Multistakeholder, Mindfulness, Driven by Excellence and High Integrity. Circlers are consistently evolving in a remote world where strength in numbers fuels team success. We have built a flexible and diverse work environment where new ideas are encouraged and everyone is a stakeholder.

What you’ll be responsible for:

Circle is looking for a passionate Principal Security Engineer with an expertise in Threat and Vulnerability Management, deep understanding of different Cloud based Infrastructure and a Mac based fleet of devices. You’ll be part of the Security Engineering team and closely partner with the Engineering, Infrastructure, and IT teams responsible for supporting our cloud operations, software development, fleet of devices and endpoints. 

What you'll work on:

• Test web applications and underlying systems for vulnerabilities using both tools and manual techniques; manage the remediation of findings through resolution
• Recommend code changes to eliminate vulnerabilities
• Automate security tests within the CI/CD pipeline
• Research vulnerabilities specific to the financial industry & blockchain technologies and incorporate this knowledge in Circle’s security practices
• Serve as an escalation point to investigate threats and identify vulnerabilities
• Investigate vulnerability reports related to Circle products and systems
• Influence the continuous improvement of the Threat and Vulnerability Management program
• Support other security team projects such as threat modeling, vulnerability scanning, and audits.

You will aspire to our four core values:

• Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
• Mindful - you seek to be respectful, an active listener and to pay attention to detail.  
• Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals. 
• High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards.  You reject manipulation, dishonesty and intolerance.

What you’ll bring to Circle:

• Consultative and flexible approach to partner closely with engineering and technology teams
• Expertise with Cloud vulnerability scanning solutions like Wiz, Prisma Cloud, Qualys, or Amazon Inspector is required.
• Hands-on technical experience with developing, deploying, and integrating vulnerability scanning solutions with technologies such as Terraform, Github, Jira, Slack and others, in context of a mid to large Enterprise
• Hands-on coding/scripting experience with languages such as Python, SQL, Javascript, bash or other relevant languages.
• Expertise with Cloud Infrastructure in AWS and GCP is required.
• Extensive knowledge of containerization, orchestration and cloud scale solutions
• Expertise with CICD within the SDLC process is required.
• Expertise with Slack, Apple MacOS and GSuite is required.
• Familiarity with CVSS, EPSS, threat intelligence, performing risk analysis, and threat modeling.
• Familiarity with blockchain/web3 development is preferred.
• Enthusiasm for automation, scalable and reproducible security practices
• Self-motivated and creative problem-solver able to work independently 
• Proficiency in managing multiple competing priorities and use good judgment to establish order or priorities on the fly for themselves and their team.
• Ability to influence and expediently resolve issues and achieve organizational objectives
• The ability to design and operate controls that are easy to test and audit
• Advanced degree in computer science, or related fields strongly preferred. 
• Strong ability to work collaboratively across teams during high-stress situations.
• An understanding of standards such as ISO 27001/27002 and the NIST Cybersecurity Framework desirable
• 8+ years of total experience in cybersecurity with at least 2+ years as a principal engineer
• Amazon certifications for Solutions Architect, Devops Engineer, and/or Security are preferred.
• Certified Information Systems Security Professional (CISSP),  Certified Cloud Security Professional (CCSP), and/or Certified Ethical Hacker (CEH) certifications are a plus.

We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law.