Boston, USA

Circle is a global internet finance company, built on blockchain technology, powered by crypto assets, and dedicated to helping people everywhere create and share value.

We’ve already made sending money around the world free and easy using blockchain technology with Circle Pay. With Circle Invest, we’re expanding our offerings with a cryptocurrency investment product, enabling anyone to buy and sell crypto assets. Through Circle Trade, we’re market makers for the top crypto coins and offer OTC trading services. In March 2018, Circle acquired Poloniex, one of the world's leading token marketplaces.

Circle is looking for a ProductSecurityEngineer who will work with engineering and product teams to secure Circle’s product portfolio; most notably, Circle Pay. You should love tackling difficult problems, and be excited to learn new things quickly and independently. You will be asked to methodically and comprehensively understand the security posture and attack surface of all Circle products, and then develop the appropriate security controls. It’s crucial that you’re an effective communicator, as you’ll collaborate frequently with different engineering teams to identify and address security issues.

What you'll work on

• Collaborate frequently with different engineering teams to identify and address security issues
• Have a part in every aspect the development lifecycle
• Attend the daily stand ups to ensure that product features have security “built in” and then work with Ops and DevSecOps to make sure the it is securely deployed
• Address the application layer security issues, as security incidents occur
• Manage relationships with Circle’s outsourced application pen-testing and bug-bounty vendors which involves confirming the reports from the external researcher and working with other teams on the remediation of discovered security bugs

What you'll bring to Circle

• 7+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
• Strong familiarity with the Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.)
• Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc
• Familiar with vulnerability management and penetration testing tools : NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, or Metasploit
• A “breaker” mentality, but effective at designing the mitigating controls
• Solid communication skills: Demonstrated ability to explain complex technical issues to both technical and non-technical audiences
• Excellent attention to detail, quality, and schedule
• Strong analytical, organizational, and technical writing skills
• Strong working knowledge of applied cryptography

Preferred Experience

• Experience building an application security program
• Experience with Android and iOS application security
• Experience using AWS security monitoring technologies CloudWatch and CloudTrail events
• Prior exposure to modern CI/CD pipelines
• Experience working in a regulated environment such as PCI or SOX

Circle was founded in 2013 by internet entrepreneurs Jeremy Allaire and Sean Neville. We’re backed by $250 million from investors including Jim Breyer (Facebook), Goldman Sachs, IDG Capital (Baidu, Tencent), General Catalyst (AirBnB, Snapchat), Accel Partners, and Bitmain, with offices in Boston, New York, San Francisco, Dublin, London and Hong Kong. Check us out at circle.com and download Circle Pay & Circle Invest for iOS and Android today. We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. About your personal information We respect your privacy and are committed to protecting your personal information. Please refer to our candidate privacy notice here. for more information on how we will be using your personal information. By submitting your application, you agree that you have read and understood the candidate privacy notice.