Principal Security Engineer, Threat and Vulnerability Management
Circle is a forward-looking fintech company situated at the center of the evolving internet of money, enabling seamless global transfer of value similar to other digital data but with heightened speed, efficiency, and cost-effectiveness compared to traditional settlement systems. This transformative digital infrastructure broadens horizons for payments, commerce, and market functions, contributing to enhanced global economic well-being and inclusivity. Our established framework, encompassing USDC and blockchain-backed assets, empowers businesses, organizations, and developers to leverage these advancements and seize the opportunities presented by this pivotal moment in the convergence of money and technology.
You will be joining a transparent and steadfast organization committed to operating ethically and effectively across various global settings. Fueled by our core principles of Multistakeholder, Mindfulness, Driven by Excellence, and High Integrity, our distributed team navigates the remote work landscape collaboratively, fostering a culture of flexibility, diversity, and innovation where fresh perspectives are valued and every individual holds a vested interest.
We are seeking a dedicated Principal Security Engineer adept in Threat and Vulnerability Management with a specialized understanding of Cloud-based Infrastructure and management of a Mac-based device fleet. As an essential member of the Security Engineering team, you will closely collaborate with Engineering, Infrastructure, and IT teams, managing security operations for our cloud environment, software development lifecycle, and device ecosystems.
Primary Responsibilities:
- Conduct thorough security assessments on web applications and underlying systems to identify vulnerabilities, employing a blend of automated tools and manual techniques, and drive remediation efforts to resolution.
- Offer actionable recommendations for code enhancements to mitigate vulnerabilities and secure applications.
- Automate security testing protocols within the CI/CD pipeline to streamline vulnerability identification and resolution.
- Explore vulnerabilities specific to finance and blockchain sectors and integrate acquired insights into Circle’s security strategies.
- Act as a key point of contact for investigating and addressing security threats and vulnerabilities.
- Analyze vulnerability reports associated with Circle’s products and systems, enhancing the overall Threat and Vulnerability Management program.
- Support various security initiatives such as threat modeling, vulnerability scanning, and compliance audits within the security team domain.
Essential Qualifications:
- Prior experience collaborating closely with technical and engineering teams, translating security insights into actionable strategies.
- Proficient in Cloud vulnerability scanning tools like Wiz, Prisma Cloud, Qualys, or Amazon Inspector.
- Hands-on expertise in deploying and integrating vulnerability scanning solutions using tools like Terraform, GitHub, Jira, and Slack in enterprise environments.
- Thorough knowledge of coding/scripting languages such as Python, SQL, and JavaScript.
- Extensive experience with Cloud Infrastructure in AWS and GCP, inclusive of containerization, orchestration, and scalable cloud solutions.
- Proficiency in CI/CD practices integrated into the SDLC process and adeptness with collaboration tools like Slack, Apple macOS, and GSuite.
- Familiarity with industry standards such as CVSS and EPSS, and with threat intelligence, risk analysis, and threat modeling.
- Preference for expertise in blockchain/web3 development and enthusiasm for automating scalable security processes.
- Strong problem-solving skills, self-motivation, and the ability to manage multiple priorities effectively.
- Advanced qualifications in computer science or related fields, with over 8 years of cybersecurity experience, including a minimum of 2 years as a principal engineer.
- Desirable certifications include Amazon Solutions Architect, DevOps Engineer, and/or Security, along with CISSP, CCSP, CEH certifications.
Equal Opportunity Statement:
Circle is an equal opportunity employer that values diversity within the workplace. Our recruitment decisions are not influenced by factors such as race, religion, gender, age, sexual orientation, veteran status, or disabilities. Where applicable by law, Circle participates in the E-Verify Program.