Sr. Security Engineer, Application Security (Boston)
Circle is on a mission to make it possible for everyone, everywhere to create and share value. We're building a new kind of consumer finance. Unlike existing systems that are closed and proprietary, we use open internet standards and protocols, including the blockchain, to build our products.
We've already made sending money around the world free and as easy as sending a text with Circle Pay. With Circle Trade, we're market makers for the top cryptocurrencies and offer OTC trading services. Now, we're expanding our offerings by building a cryptocurrency investment product (https://invest.circle.com) to enable anyone to buy and sell cryptocurrencies like Bitcoin and Ethereum.
What does that mean for the global economy? It's more open. More inclusive. And more empowering.
Circle is looking for a Product Security Engineer who will work with engineering and product teams to secure Circle’s product portfolio; most notably, Circle Pay. You should love tackling difficult problems, and you should be excited to learn new things quickly and independently. The Product Security Engineer will be asked to methodically and comprehensively understand the security posture and attack surface of all Circle products, and then develop the appropriate security controls. It’s crucial that you’re an effective communicator, as you’ll collaborate frequently with different engineering teams to identify and address security issues. You should have a “breaker” mentality, but be effective at designing the mitigating controls.
The Product Security Engineer will have a part in every aspect of the development lifecycle. The lifecycle starts with working closely with development teams to understand the security posture of the features being developed. In Circle’s agile development environment, the Product Security Engineer will attend the daily stand-ups to ensure that product features have security “built in” and then work with Ops and DevSecOps to make sure they are securely deployed. Finally, as security incidents occur, the Product Security Engineer will address the application-layer security issues.
The Product Security Engineer will manage the relationship with Circle’s outsourced application pen-testing and bug-bounty vendors. This involves confirming the reports from external researchers and working with other teams on the remediation of discovered security bugs.
• 7+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc.)
• Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
• Familiar with vulnerability management and penetration testing tools: Nmap, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, or Metasploit
• Solid communication skills: Demonstrated ability to explain complex technical issues to both technical and non-technical audiences
• Excellent attention to detail, quality, and schedule
• Strong analytical, organizational, and technical writing skills
• Strong working knowledge of applied cryptography
• Experience building an application security program
• Experience with Android and iOS application security
• Experience using AWS security monitoring technologies CloudWatch and CloudTrail events
• Prior exposure to modern CI/CD pipelines
• Experience working in a regulated environment such as PCI or SOX
Circle was founded in 2013 by internet entrepreneurs Jeremy Allaire and Sean Neville and we're backed by $140 million from investors including Jim Breyer (Facebook), Goldman Sachs, IDG Capital (Baidu, Tencent), General Catalyst (AirBnB, Snapchat) and Accel Partners.
Check us out at circle.com and download Circle Pay for iOS and Android today!