Lead Security Engineer, Insider Risk & Investigations
Circle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data — globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up previously unimaginable possibilities for payments, commerce and markets that can help raise global economic prosperity and enhance inclusion. Our infrastructure – including USDC, a blockchain-based dollar – helps businesses, institutions and developers harness these breakthroughs and capitalize on this major turning point in the evolution of money and technology.
What you’ll be part of:
Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: Multistakeholder, Mindfulness, Driven by Excellence and High Integrity. Circlers are consistently evolving in a remote world where strength in numbers fuels team success. We have built a flexible and diverse work environment where new ideas are encouraged and everyone is a stakeholder.
What you’ll be responsible for:
In 2020, Circle unveiled Circle APIs: a set of solutions and smarter technology to help businesses accept payments in a more global, scalable and efficient alternative to traditional banking rails (spoiler: we’re using USD Coin under the hood). The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. As a member of this team, you’ll lead projects and be responsible for key deliverables of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment.
What you'll work on:
- Conduct analysis of user behavior and organizational controls apparent in security logging.
- Leverage analysis to build technical detections and controls.
- Drive the development and implementation of automated data access checks across various platforms to help detect abuse and data exfiltration.
- Perform security incident investigations using data analytics and computer forensics.
- Build automation and detection models to support identification of anomalous activity to mitigate insider risk at scale.
- Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection.
- Partner with stakeholders to contribute to Security Awareness messaging, training and exercises.
- Drive deployment, development, and improvements in Security Incident and Event Management, Case Management, and Automation.
- Provide security guidance to various organizations throughout the company.
You will aspire to our four core values:
- Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
- Mindful - you seek to be respectful, an active listener and to pay attention to detail.
- Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals.
- High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards. You reject manipulation, dishonesty and intolerance.
What you’ll bring to Circle:
- 5-7+ years experience in security operations such as technical investigations or Digital Forensics and Incident Response (DFIR) with a minimum of two years (can be overlapping) with a focus on Insider Threat.
- Experience with technologies relevant to Insider Threat (SIEMs, DLP solutions, CASBs, UEBA tools, host forensic solutions).
- Experience in data science and analytics solutions applicable to the insider threat detection space.
- Exposure to programming, scripting and query languages such as Python, Golang, bash, SQL.
- Strong ability to work collaboratively across teams during high-stress situations.
- Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
- Self-motivated and creative problem-solver able to work independently with minimal guidance.
- Enthusiasm for scalable, reproducible security management.
- In-depth knowledge of the insider threat landscape.
- Deep knowledge of SIEM, Case Management, EDR/ MDR, and DLP solutions.
- Experience working in financial services or financial technology desired.
- Experience working in an AWS environment preferred.
- Experience communicating technical findings to a variety of stakeholders.
- Proficiency in Google Suite, Slack and Apple MacOS preferred.
- Certifications such as CMU CERT ITPM/ ITVA, CCITP, CISM, CDPSE or similar will receive favorable consideration but are not required.
- This position is eligible for day-one PERM sponsorship for qualified candidates.
Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages.
The compensation range below is specific to San Francisco, CA. Actual starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.
Base Pay Range: $185,000 - $245,000
Annual Bonus Target: 15%
Also Included: Equity & Benefits (including medical, dental, vision and 401(k)). Circle has a discretionary vacation policy. We also provide 10 days of paid sick leave per year and 11 paid holidays per year in the U.S.
We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law.