Senior Security Engineer, Security Tools

What you'll be responsible for:

In 2020, Circle unveiled Circle APIs: a set of solutions and smarter technology to help businesses accept payments in a more global, scalable, and efficient alternative to traditional banking rails (spoiler: we're using USD Coin under the hood).

The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely.  The security team leads the company's information security and cybersecurity programs, business continuity, and vendor risk management.

As a member of this team, you'll develop tools that automate testing of security configurations and controls across a variety of SaaS and cloud-based assets.  You’ll also participate in threat modeling, vulnerability assessment, and risk assessment projects.  You will continue to learn and stay current in a fun and rapidly changing environment.

What you'll work on:

• Play a lead role in improving overall security practitioner efficiency through process automation.
• Design, implement, deploy and maintain custom automation products for control testing.
• Build security tooling and automation for internal use that enable the Security Team to operate at high speed across Circle’s infrastructure.
• Author and maintain middleware documentation.
• Develop API integration with minimal UI.
• Define and own metrics and key performance indicators to determine the effectiveness of the Security automation program.
• Create automation to reduce time to remediation across Circle infrastructure.
• Engage with teams to identify shared problems and develop automation.
• Manage the effectiveness of tooling, rationalizing tools as needed, and identifying new tool needs as necessary.
• Assist with the configuration of application security tools, monitor output, and assist developers with remediation of code vulnerabilities.
• Lead security initiatives (including security reviews, tool development, and creation of new security practices) with end-to-end ownership.
• Support security team projects such as threat modeling, vulnerability scanning and audits.
• Consult and provide security guidance to various teams throughout the company.
• Influence the continuous improvement of the security program.

You will aspire to our four core values:

• Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families, and local communities.
• Mindful - you seek to be respectful, an active listener, and to pay attention to detail.  
• Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue Excellence, that you do not tolerate mediocrity, and you work intensely to achieve your goals. 
• High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards.  You reject manipulation, dishonesty, and intolerance.

What you'll bring to Circle:

• Bachelor's degree in computer science, computer engineering, cybersecurity or related field; Equivalent experience also accepted. 
• 4 years of experience as a security engineer or software engineer with a minimum of 2 years (can be overlapping) with a focus on cybersecurity.
• Proficiency in multiple programming languages is desirable (Python, Golang, Rust, Ruby, etc.).
• Enthusiasm for scalable, reproducible security management. 
• Ability to scope, design, and estimate work. 
• Ability to design and operate controls that are easy to test and audit.
• Self-motivated and creative problem-solver able to work independently with minimal guidance.
• Familiar with common attack techniques.
• Working knowledge of public and private key cryptography.
• Familiar with techniques for making software robust against common attacks.
• Strong ability to work collaboratively across teams.
• Ability to manage multiple competing priorities and use good judgment to establish an order of priorities on the fly.
• Familiarity with standards such as ISO 27001/27002 or the NIST Cybersecurity Framework is desirable.
• Experience working in financial services or financial technology desired.
• Certifications such as CISSP or similar will receive favorable consideration but are not required.
• Experience working on applications deployed within AWS is desirable.
• Experience/familiarity with Slack, Apple MacOS and GSuite.

If you are passionate about automating security operations, finding software vulnerabilities, developing scalable solutions to protect applications, are interested in building something meaningful, and would love to work in an entrepreneurial environment, we can't wait to hear from you.