Product Security Architect (Boston)

Save
You need to sign in or
create an account to save a job.
Boston, USA

Circle is a global internet finance company, built on blockchain technology, powered by crypto assets, and dedicated to helping people everywhere create and share value.

We’ve already made sending money around the world free and easy using blockchain technology with Circle Pay. With Circle Invest, we’re expanding our offerings with a cryptocurrency investment product, enabling anyone to buy and sell crypto assets. Through Circle Trade, we’re market makers for the top crypto coins and offer OTC trading services. In March 2018, Circle acquired Poloniex, one of the world's leading token marketplaces.

Circle is looking for a ProductSecurityArchitect who will work with engineering and product teams to secure Circle’s product portfolio; most notably, Circle Pay. You should love tackling difficult problems, and be excited to learn new things quickly and independently. You will be asked to methodically and comprehensively understand the security posture and attack surface of all Circle products, then developing the appropriate security controls.

What you'll work on
    • Manage relationships with Circle’s outsourced application pen-testing and bug-bounty vendors
    • Confirm the reports from the external researcher and work with other teams on the remediation of discovered security bugs
    • Apply your AppSec knowledge to Solidity, the Ethereum Virtual Machine (EVM), and security
    • As security incidents occur, address the application layer security issues
    • You should relish in technical subtleties and minutiae, and have a passion for combining them with a flair for creativity and insight to hack smart contracts
    • Collaborate frequently with different engineering teams to identify and address security issues
    • Have a part in every aspect the development lifecycle
    • Attend the daily stand ups to ensure that product features have security “built in” and then work with the Ops and DevSecOps to make sure that it’s securely deployed


What you'll bring to Circle
    • 10+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
    • Strong background in cryptography and cryptanalysis
    • A “breaker” mentality, but be effective at designing the mitigating controls
    • Strong familiarity with the Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.).
    • Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
    • Familiar with vulnerability management and penetration testing tools : NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, or Metasploit
    • Solid communication skills: Demonstrated ability to explain complex technical issues to both technical and non-technical audiences
    • Excellent attention to detail, quality, and schedule
    • Strong analytical, organizational, and technical writing skills
    • Strong working knowledge of applied cryptography


Preferred
    • Experience building an application security program
    • Experience with Android and iOS application security
    • Experience using AWS security monitoring technologies CloudWatch and CloudTrail events
    • Prior exposure to modern CI/CD pipelines
    • Experience with Solidity and the Ethereum Virtual Machine (EVM)
    • Experience working in a regulated environment such as PCI or SOX


Circle was founded in 2013 by internet entrepreneurs Jeremy Allaire and Sean Neville. We’re backed by $250 million from investors including Jim Breyer (Facebook), Goldman Sachs, IDG Capital (Baidu, Tencent), General Catalyst (AirBnB, Snapchat), Accel Partners, and Bitmain, with offices in Boston, New York, San Francisco, Dublin, London and Hong Kong.

Check us out at circle.com and download Circle Pay & Circle Invest for iOS and Android today.

We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

About your personal information

We respect your privacy and are committed to protecting your personal information. Please refer to our candidate privacy notice here. for more information on how we will be using your personal information. By submitting your application, you agree that you have read and understood the candidate privacy notice .

Similar searches: Full time, Trading & Tools, Exchanges, Payments 2.0, Payment Services, Massachusetts, Information Security