What you’ll be responsible for:

In 2020, Circle unveiled Circle APIs: a set of solutions and smarter technology to help businesses accept payments in a more global, scalable and efficient alternative to traditional banking rails (spoiler: we’re using USD Coin under the hood). Over the next 12 months, we’re going to rapidly grow our API customer base and enable even more businesses to easily integrate and benefit from the breakthrough of programmable money on the internet. The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely.  The security team leads the company’s programs for information security and cybersecurity, business continuity, and vendor risk management. As a leader within the Security organization, you’ll build and lead a team that is responsible for key areas of the security program while collaborating across Circle’s business functions.  You will continue to learn and stay current in a fun and rapidly changing environment.

What you’ll work on:

• The Vulnerability Manager is responsible for the overall lifecycle of the Threat & Vulnerability Management program.
• The successful Threat & Vulnerability Program Manager is the primary role to inform, advise, and partner with IT, Security, and other business units to help better secure their operations.
• Identify gaps in current processes, workflows, and design and recommend changes or enhancements as needed.
• Participate in Change Management Process, from early assessment of proposed changes/enhancements, through vulnerability scanning and recommended remediation before go-live.
• Act as an advocate for security and the team in all tasks and engagements, not just vulnerability management specific.
• A strong understanding of Windows, Mac, and Linux operating systems, endpoint applications, networking protocols, and devices.
• Ability to influence business leader support to remediate vulnerabilities in accordance with defined timeframes to reduce the attack surface.
• Participate in incident response activities as needed. 
• Establish and mature cross-company processes around vulnerability management, including operating models, maturity models, SLAs/SLOs, discovery, and handling.
• Maintain situational awareness around industry news on software vulnerabilities, including zero-day vulnerabilities and emergency patching
• Implement and operationalize advanced Vulnerability Management reporting tools.
• Design, develop and operationalize vulnerability management metrics.
• Design and implement advanced vulnerability dashboards.
• Performs other work-related duties as assigned.

You will aspire to our four core values:

• Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families, and local communities.
• Mindful - you seek to be respectful, an active listener and pay attention to detail.  
• Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, you do not tolerate mediocrity, and you work intensely to achieve your goals. 
• High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards.  You reject manipulation, dishonesty, and intolerance.

What you’ll bring to Circle:

• The global role is technical, and individuals must possess a solid understanding of cybersecurity and preferably have held positions in information security, security engineering, architecture, development, and/or systems administration.
• 7+ years of relevant experience in Security or related field; with 3+ years of experience in vulnerability management is required.
• 1+ years experience managing direct reports and building teams.
• Experience stabilizing systems to run minimal application requirements, least privilege, and additional host hardening.
• Understanding of Windows, Mac, and Linux operating systems, endpoint applications, networking protocols, and devices.
• Experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
• Experience conducting organization-wide vulnerability scanning and remediation processes.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
• Proven team building and team leadership experience.
• Strong ability to work collaboratively across teams with quickly changing priorities.
• Experience working in financial services or financial technology desired.
• Bachelor’s degree in information security, computer science, computer engineering, or a related field.
• Software development skills in languages such as Python, Golang, or similar are highly desirable.
• Proficiency in Google Suite, Slack, and Apple macOS preferred.

Additional Information:

• This position is eligible for day-one PERM sponsorship for qualified candidates.

Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages.

The compensation range below is specific to Washington, D.C. Actual starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.

Base Pay Range: $155,000 - $205,000

Annual Bonus Target: 15%

Also Included: Equity & Benefits (including medical, dental, vision and 401(k)). Circle has a discretionary vacation policy. We also provide 10 days of paid sick leave per year and 11 paid holidays per year in the U.S.