What you’ll be responsible for:

Circle is looking for a passionate Principal Security Engineer with an expertise in Threat and Vulnerability Management, deep understanding of different Cloud based Infrastructure and a Mac based fleet of devices. You’ll be part of the Security Engineering team and closely partner with the Engineering, Infrastructure, and IT teams responsible for supporting our cloud operations, software development, fleet of devices and endpoints. 

What you’ll work on:

• Test web applications and underlying systems for vulnerabilities using both tools and manual techniques; manage the remediation of findings through resolution
• Recommend code changes to eliminate vulnerabilities
• Automate security tests within the CI/CD pipeline
• Research vulnerabilities specific to the financial industry & blockchain technologies and incorporate this knowledge in Circle’s security practices
• Serve as an escalation point to investigate threats and identify vulnerabilities
• Investigate vulnerability reports related to Circle products and systems
• Influence the continuous improvement of the Threat and Vulnerability Management program
• Support other security team projects such as threat modeling, vulnerability scanning, and audits.

You will aspire to our four core values:

• Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
• Mindful - you seek to be respectful, an active listener and to pay attention to detail.  
• Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals. 
• High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards.  You reject manipulation, dishonesty and intolerance.

What you’ll bring to Circle:

• Consultative and flexible approach to partner closely with engineering and technology teams
• Expertise with Cloud vulnerability scanning solutions like Wiz, Prisma Cloud, Qualys, or Amazon Inspector is required.
• Hands-on technical experience with developing, deploying, and integrating vulnerability scanning solutions with technologies such as Terraform, Github, Jira, Slack and others, in context of a mid to large Enterprise
• Hands-on coding/scripting experience with languages such as Python, SQL, Javascript, bash or other relevant languages.
• Expertise with Cloud Infrastructure in AWS and GCP is required.
• Extensive knowledge of containerization, orchestration and cloud scale solutions
• Expertise with CICD within the SDLC process is required.
• Expertise with Slack, Apple MacOS and GSuite is required.
• Familiarity with CVSS, EPSS, threat intelligence, performing risk analysis, and threat modeling.
• Familiarity with blockchain/web3 development is preferred.
• Enthusiasm for automation, scalable and reproducible security practices
• Self-motivated and creative problem-solver able to work independently 
• Proficiency in managing multiple competing priorities and use good judgment to establish order or priorities on the fly for themselves and their team.
• Ability to influence and expediently resolve issues and achieve organizational objectives
• The ability to design and operate controls that are easy to test and audit
• Advanced degree in computer science, or related fields strongly preferred. 
• Strong ability to work collaboratively across teams during high-stress situations.
• An understanding of standards such as ISO 27001/27002 and the NIST Cybersecurity Framework desirable
• 8+ years of total experience in cybersecurity with at least 2+ years as a principal engineer
• Amazon certifications for Solutions Architect, Devops Engineer, and/or Security are preferred.
• Certified Information Systems Security Professional (CISSP),  Certified Cloud Security Professional (CCSP), and/or Certified Ethical Hacker (CEH) certifications are a plus.