Principal Security Engineer, Detection & Response

Responsibilities

• Proactively identify and respond to emerging security threats across cloud, endpoint, blockchain, and AI surfaces.
• Build detection and response capability for blockchain and crypto-native threats: on-chain anomalies, custody-vault interactions, wallet abuse, smart contract exploitation, and protocol-level attackers targeting USDC and Circle's blockchain products.
• Develop detection coverage for cloud-native attacks across AWS + EKS: IAM compromise, identity federation abuse, lateral movement in containerized workloads, runtime exploitation, and misconfiguration drift.
• Extend detection for AI-specific risks: shadow AI adoption, unauthorized AI integrations, agentic workflows and MCP/tool abuse, and AI-driven credential exposure.
• Advance deployment of AI to the SOC function including detection triage, enrichment, and analyst-acceleration workflows.
• Develop plans to manage and maintain core tooling, such as SIEM and Orchestration platforms.
• Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection.
• Lead and respond to incidents and collaborate across teams to investigate and resolve.
• Develop detection techniques to identify anomalous behaviors and attacks across the environment.
• Provide security guidance to various organizations throughout the company.
• Support broader security team projects such as threat modeling, vulnerability scanning, audits, and custom tool building.
• Take on-call shifts (every 3rd week and occasional weekend).
• What you'll bring to Circle:
• Strong ability to work collaboratively across teams during high-stress situations, which sometimes involves after hours work.
• Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
• Self-motivated and creative problem-solver able to work independently with minimal guidance.
• Experience/familiarity with Slack, Apple macOS, and GSuite.
• We're looking for strong, impactful work experience, which typically includes:
• 10+ years of experience in detection, response, or security engineering.
• 3+ years of experience commanding security incidents, especially those involving engineering.
• Deep cloud security knowledge in AWS environments: IAM, identity federation, KMS, EKS/container attack patterns, runtime exploitation, and CSPM tooling (e.g., Wiz). Some exposure to GCP or OCI is preferred.
• Working knowledge of blockchain and crypto-native threats: wallet and custody attack patterns, on-chain monitoring, protocol-level risks, and smart contract abuse. Direct experience defending blockchain, custody, or DeFi infrastructure is strongly preferred.
• Hands-on experience using AI tooling both to accelerate work and to addres

Benefits

Additional Information

Circle (NYSE: CRCL) is one of the world's leading internet financial platform companies, building the foundation of a more open, global economy through digital assets, payment applications, and programmable blockchain infrastructure. Circle's platform includes the world's largest regulated stablecoin network anchored by USDC, Circle Payments Network for global money movement, and Arc, an enterprise-grade blockchain designed to become the Economic OS for the internet. Enterprises, financial institutions, and developers use Circle to power trusted, internet-scale financial innovation. Learn more at circle.com . What you'll be part of: Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values : High Integrity, Future Forward, Multistakeholder, Mindful, and Driven by Excellence. We have built a flexible work environment where new ideas are encouraged and everyone is a stakeholder. What you'll be responsible for: The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. As a member of this team, you'll lead projects and be responsible for key deliverables of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment. This role sits at the intersection of three of Circle's highest-stakes threat surfaces: our blockchain and custody environments (USDC issuance, Arc, on-chain monitoring), our cloud-native infrastructure (AWS + EKS), and the AI tooling Circle adopts internally and ships in product. You'll build detection coverage and response capability across all three; not as a generalist, but as a Principal who can go deep on each. Also note that this position will require you to perform on-call duties mainly during working hours to support security operations, and you will assist the team with the occasional night time and weekend incident. We would also like someone with a strong response background and some exposure to insider risk.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at circle? Share your experience