Boston, USA

Circle is a global internet finance company, built on blockchain technology, powered by crypto assets, and dedicated to helping people everywhere create and share value.

We’ve already made sending money around the world free and easy using blockchain technology with Circle Pay. With Circle Invest, we’re expanding our offerings with a cryptocurrency investment product, enabling anyone to buy and sell crypto assets. Through Circle Trade, we’re market makers for the top crypto coins and offer OTC trading services. In March 2018, Circle acquired Poloniex, one of the world's leading token marketplaces.

We are looking for an Application Security Engineer to work with our engineering and product teams to secure Circle’s mobile product portfolio; Circle Pay, Circle Invest, and the Poloniex mobile app.

You should love pursuing hard problems, and be excited to learn new things quickly and independently. You will be asked to methodically and comprehensively understand the security posture and attack surface of these Circle products, and then develop the appropriate security controls. It’s crucial that you’re an effective communicator, as you’ll collaborate frequently with different engineering teams to identify and address security issues.

What you'll work on

• Collaborate frequently with different engineering teams to identify and address security issues
• Have a part in every aspect the development lifecycle
• Attend the daily stand ups to ensure that product features have security “built in”
• Address the both the mobile app and supporting REST API security issues, as security incidents occur

What you'll bring to Circle

• 3+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
• Experience with Android and iOS native application security
• Strong familiarity with the Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.)
• Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc
• Familiar with vulnerability management and penetration testing tools : Burp and Metasploit
• A “breaker” mentality, but effective at crafting the mitigating controls
• Proven interpersonal skills: Ability to explain complex technical issues to both technical and non-technical audiences
• Proven knowledge of applied cryptography

Preferred Experience

• Experience as a developer on a mobile or web application team
• Prior exposure to modern CI/CD pipelines

Circle was founded in 2013 by internet entrepreneurs Jeremy Allaire and Sean Neville. We’re backed by $250 million from investors including Jim Breyer (Facebook), Goldman Sachs, IDG Capital (Baidu, Tencent), General Catalyst (AirBnB, Snapchat), Accel Partners, and Bitmain, with offices in Boston, New York, San Francisco, Dublin, London and Hong Kong. Check us out at circle.com and download Circle Pay & Circle Invest for iOS and Android today. We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. About your personal information We respect your privacy and are committed to protecting your personal information. Please refer to our candidate privacy notice here. for more information on how we will be using your personal information. By submitting your application, you agree that you have read and understood the candidate privacy notice.