Principal Security Engineer, Detection & Response

Circle (NYSE: CRCL) is one of the worlds leading internet financial platform companies building the foundation of a more open global economy through digital assets payment applications and programmable blockchain infrastructure. Circles platform includes the worlds largest regulated stablecoin network anchored by USDC Circle Payments Network for global money movement and Arc an enterprise-grade blockchain designed to become the Economic OS for the internet. Enterprises financial institutions and developers use Circle to power trusted internet-scale financial innovation. Learn more at .

What youll be part of:

Circle is committed to visibility and stability in everything we do. As we grow as an organization were expanding into some of the worlds strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: High Integrity Future Forward Multistakeholder Mindful and Driven by Excellence. We have built a flexible work environment where new ideas are encouraged and everyone is a stakeholder.

What youll be responsible for:

The Circle Security Team works to protect Circle; our customers clients and partners; and the financial markets upon which we rely.

As a member of this team youll lead projects and be responsible for key deliverables of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment.

This role sits at the intersection of three of Circles highest-stakes threat surfaces: our blockchain and custody environments (USDC issuance Arc on-chain monitoring) our cloud-native infrastructure (AWS EKS) and the AI tooling Circle adopts internally and ships in product. Youll build detection coverage and response capability across all three; not as a generalist but as a Principal who can go deep on each.

Also note that this position will require you to perform on-call duties mainly during working hours to support security operations and you will assist the team with the occasional night time and weekend incident. We would also like someone with a strong response background and some exposure to insider risk.

What youll work on:

• Proactively identify and respond to emerging security threats across cloud endpoint blockchain and AI surfaces.

• Build detection and response capability for blockchain and crypto-native threats: on-chain anomalies custody-vault interactions wallet abuse smart contract exploitation and protocol-level attackers targeting USDC and Circles blockchain products.

• Develop detection coverage for cloud-native attacks across AWS EKS: IAM compromise identity federation abuse lateral movement in containerized workloads runtime exploitation and misconfiguration drift.

• Extend detection for AI-specific risks: shadow AI adoption unauthorized AI integrations agentic workflows and MCP/tool abuse and AI-driven credential exposure.

• Advance deployment of AI to the SOC function including detection triage enrichment and analyst-acceleration workflows.

• Develop plans to manage and maintain core tooling such as SIEM and Orchestration platforms.

• Identify gaps in our infrastructure and work with business partners to gain visibility through logging and detection.

• Lead and respond to incidents and collaborate across teams to investigate and resolve.

• Develop detection techniques to identify anomalous behaviors and attacks across the environment.

• Provide security guidance to various organizations throughout the company.

• Support broader security team projects such as threat modeling vulnerability scanning audits and custom tool building.

• Take on-call shifts (every 3rd week and occasional weekend).

What youll bring to Circle:

• Strong ability to work collaboratively across teams during high-stress situations which sometimes involves after hours work.

• Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.

• Self-motivated and creative problem-solver able to work independently with minimal guidance.

• Experience/familiarity with Slack Apple macOS and GSuite.

Were looking for strong impactful work experience which typically includes:

• 10 years of experience in detection response or security engineering.

• 3 years of experience commanding security incidents especially those involving engineering.

• Deep cloud security knowledge in AWS environments: IAM identity federation KMS EKS/container attack patterns runtime exploitation and CSPM tooling (e.g. Wiz). Some exposure to GCP or OCI is preferred.

• Working knowledge of blockchain and crypto-native threats: wallet and custody attack patterns on-chain monitoring protocol-level risks and smart contract abuse. Direct experience defending blockchain custody or DeFi infrastructure is strongly preferred.

• Hands-on experience using AI tooling both to accelerate work and to address threats coupled with a strong understanding of the organizational risks AI introduces shadow AI agentic workflows MCP/tool integrations and strategies to defend against them.

• Extensive knowledge of SIEM Case Management and SOAR solutions (e.g. Panther Tines).

• Knowledge of operating systems file systems and memory on macOS.

• Programming experience in Python Golang or similar programming languages.

• Experience with building Detections As Code.

You are the right person if you:

• View Security Detection & Response as a data and engineering problem.

• Exude positivity.

• Arent afraid to share your ideas.

• Meet problems head-on and view them as opportunities.

• Are self-reliant and motivated.

• Communicate fearlessly.

Circle is on a mission to create an inclusive financial future with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages.

Starting pay is determined by various factors including but not limited to: relevant experience skill set qualifications and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.

We are an equal opportunity employer. We do not discriminate on the basis of race religion color national origin gender sexual orientation age marital status veteran status or disability status or any other protected status required by the laws in the locations where we hire. Additionally Circle participates in the E-Verify Program in certain locations as required by law.

Should you require accommodations or assistance in our interview process because of a disability please reach out tofor support. We respect your privacy and will connect with you separately from our interview process to accommodate your needs.

#LI-Remote