Staff Application Security Engineer

Save
You need to sign in or
create an account to save a job.
Circle is a global crypto finance company, built on blockchain technology, powered by crypto assets, and dedicated to helping people and institutions create and share value globally. With our suite of products, we enable our customers to send and receive money around the world easily, as well as invest in and trade crypto assets.

We are looking for a Staff Application Security Engineer to work with our engineering and product teams to secure Circle’s mobile product portfolio; Circle Pay, Circle Invest, and the Poloniex mobile app. You should love pursuing hard problems, and be excited to learn new things quickly and independently. You will be asked to methodically and comprehensively understand the security posture and attack surface of these Circle products, and then develop the appropriate security controls. It’s crucial that you’re an effective communicator, as you’ll collaborate frequently with different engineering teams to identify and address security issues.
What you'll work on
  • Collaborate frequently with different engineering teams to identify and address security issues
  • Have a part in every aspect the development lifecycle
  • Attend the daily stand ups to ensure that product features have security “built in”
  • Address the both the mobile app and supporting REST API security issues, as security incidents occur
What you'll bring to Circle
  • 3+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
  • Experience with Android and iOS native application security
  • Strong familiarity with the Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.)
  • Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc
  • Familiar with vulnerability management and penetration testing tools : Burp and Metasploit
  • A “breaker” mentality, but effective at crafting the mitigating controls
  • Proven interpersonal skills: Ability to explain complex technical issues to both technical and non-technical audiences
  • Proven knowledge of applied cryptography


Circle was founded in 2013 by internet entrepreneurs Jeremy Allaire and Sean Neville. We’re backed by $250 million from investors including Jim Breyer (Facebook), Goldman Sachs, IDG Capital (Baidu, Tencent), General Catalyst (AirBnB, Snapchat), Accel Partners, and Bitmain, with offices in Boston, New York, San Francisco, Dublin, London and Hong Kong.

Circle Pay enables customers to send and receive money, across borders and currencies. Circle Invest empowers consumers to buy and sell crypto assets. Circle Trade is one of the world’s top market makers for major crypto coins and offers OTC trading services for institutions and high net worth individuals. Additionally, in 2018 Circle acquired Poloniex and signed an agreement to acquire SeedInvest, both of which enable us to expand our offerings even further. Poloniex is one of the world's leading token marketplaces. SeedInvest is the largest equity crowdfunding platform in the United States, as well as a licensed broker-dealer.

Check us out at circle.com and download Circle Pay & Circle Invest for iOS and Android today.

We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Similar searches: Full time, Trading & Tools, Exchanges, Payments 2.0, Payment Services, Massachusetts, Information Security