Staff Security Engineer
Circle is a global crypto finance company, built on blockchain technology, powered by crypto assets, and dedicated to helping people and institutions create and share value globally. With our suite of products, we enable our customers to send and receive money around the world easily, as well as invest in and trade crypto assets.
Circle is a global financial technology firm that enables businesses of all sizes to harness the power of stablecoins and public blockchains for payments, commerce and financial applications worldwide. Circle's platform has supported over 100 million transactions worth tens of billions of dollars, with nearly 10 million retail customers, over a thousand businesses, while storing and securing more than $5 billion in digital currency assets. Today, Circle's transactional services, business accounts, and platform APIs are supporting the development and launch of a new generation of financial products and services.
What you’ll be part of:
With the mission “To raise global economic prosperity through programmable internet commerce,” Circle was founded on the belief that blockchains and digital currency will rewire the global economic system, creating a fundamentally more open, inclusive, efficient and integrated world economy. We envision a global economy where people and businesses everywhere can more freely connect and transact with each other with new technologies for digital money. We believe such a system can raise prosperity for people and companies everywhere.
In 2020, Circle unveiled Circle APIs: a set of solutions and smarter technology to help businesses accept payments in a more global, scalable and efficient alternative to traditional banking rails (spoiler: we’re using USD Coin under the hood).
Over the next 12 months, we’re going to rapidly grow our API customer base and enable even more businesses to easily integrate and benefit from the breakthrough of programmable money on the internet.
You will aspire to our four core values:
- Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
- Mindful - you seek to be respectful, an active listener and to pay attention to detail.
- Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals.
- High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards. You reject manipulation, dishonesty and intolerance.
Security at Circle:
The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. The security team leads the company’s programs for information security and cybersecurity, business continuity, vendor risk management, and privacy.
As a senior member of this team, you’ll lead and be responsible for key areas of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment.
What you'll work on:
- Work collaboratively with internal stakeholders to build and operate technology risk management controls
- Analyze AWS security configurations based on KMS Keys, Security Groups, and IAM Policies across multiple AWS Accounts
- Build security monitoring and management controls using AWS services such as Security Hub, Inspector, and Guard Duty
- Script in python using Amazon libraries such as boto3 to generate reusable utilities for environment configuration, control monitoring, audits, and assessment
- Conduct risk and controls assessments to identify risks and any associated weaknesses, as well as make recommendations on how to mitigate those risks
- Formulate recommendations that can be implemented using automation tools such as Cloudformation and Terraform
- Test for vulnerabilities and configuration errors using off-the-shelf and custom tools
- Collaborate with others to enhance event monitoring, security alerting, and incident response workflows
- Own and build relationships with key external stakeholders such as customers, vendors, and auditors
- Produce data-based reports on technology risk for senior management
- Drive continuous improvement in the technology risk management programs
What you’ll bring to Circle:
- Enthusiasm for scalable, reproducible security management
- Self-motivated and creative problem-solver able to work independently with minimal guidance
- Ability to manage multiple competing priorities and use good judgement to establish order or priorities on the fly
- Ability to influence internal and external customers to expediently resolve issues and achieve organizational objectives
- Experience architecting and testing security controls in AWS
- Ability to thrive in an “infrastructure as code” environment
- The ability to design and operate controls that are easy to test and audit
- Knowledge of the PCI DSS
- An understanding of standards such as ISO 27001/27002 and the NIST Cybersecurity Framework desirable
- Experience/familiarity with application security including standards like OWASP, tools like Burp Suite, and secure coding practices a plus
- Experience working in financial services or financial technology desired
- Bachelor's degree in computer science, computer engineering, cybersecurity or related field. Equivalent experience also accepted
- Certifications such as CISSP, CCSK, CISA, CISM, or similar will receive favorable consideration but are not required
- Five or more years of experience as a security engineer, systems administrator, or systems engineer with a minimum of two years (can be overlapping) with a focus on cybersecurity. Experience working in an AWS environment required.
If it feels rewarding to see your work scale through automation, are interested in building something meaningful, and would love to work in an entrepreneurial environment, we can’t wait to hear from you.
We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.