Circle is hiring a
Principal Security Engineer

Summary

Circle is seeking a Principal Security Engineer with expertise in Threat and Vulnerability Management, Cloud infrastructure, and Mac-based devices. The role involves testing web applications for vulnerabilities, recommending code changes, automating security tests, researching industry-specific vulnerabilities, investigating threats, and supporting other security team projects.

Requirements

• Consultative and flexible approach to partner closely with engineering and technology teams
• Expertise with Cloud vulnerability scanning solutions like Wiz, Prisma Cloud, Qualys, or Amazon Inspector is required
• Hands-on technical experience with developing, deploying, and integrating vulnerability scanning solutions with technologies such as Terraform, Github, Jira, Slack and others, in context of a mid to large Enterprise
• Hands-on coding/scripting experience with languages such as Python, SQL, Javascript, bash or other relevant languages
• Expertise with Cloud Infrastructure in AWS and GCP is required
• Extensive knowledge of containerization, orchestration and cloud scale solutions
• Expertise with CICD within the SDLC process is required
• Expertise with Slack, Apple MacOS and GSuite is required
• Familiarity with CVSS, EPSS, threat intelligence, performing risk analysis, and threat modeling
• Self-motivated and creative problem-solver able to work independently
• Proficiency in managing multiple competing priorities and use good judgment to establish order or priorities on the fly for themselves and their team
• Ability to influence and expediently resolve issues and achieve organizational objectives
• The ability to design and operate controls that are easy to test and audit
• 8+ years of total experience in cybersecurity with at least 2+ years as a principal engineer

Responsibilities

• Test web applications and underlying systems for vulnerabilities using both tools and manual techniques
• Manage the remediation of findings through resolution
• Recommend code changes to eliminate vulnerabilities
• Automate security tests within the CI/CD pipeline
• Research vulnerabilities specific to the financial industry & blockchain technologies and incorporate this knowledge in Circle’s security practices
• Serve as an escalation point to investigate threats and identify vulnerabilities
• Investigate vulnerability reports related to Circle products and systems
• Influence the continuous improvement of the Threat and Vulnerability Management program

Preferred Qualifications

• Familiarity with blockchain/web3 development is preferred
• Enthusiasm for automation, scalable and reproducible security practices
• Advanced degree in computer science, or related fields strongly preferred
• Strong ability to work collaboratively across teams during high-stress situations
• An understanding of standards such as ISO 27001/27002 and the NIST Cybersecurity Framework desirable
• Amazon certifications for Solutions Architect, Devops Engineer, and/or Security are preferred
• Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), and/or Certified Ethical Hacker (CEH) certifications are a plus