Remote Principal Security Engineer, Threat and Vulnerability Management Job in Greater London, UK Circle

Who you are

• Consultative and flexible approach to partner with engineering and technology teams
• Expertise with Cloud vulnerability scanning solutions like Wiz, Prisma Cloud, Qualys, or Amazon Inspector
• Hands-on experience developing, deploying, and integrating vulnerability scanning with Terraform, Github, Jira, Slack
• Hands-on coding/scripting experience with Python, SQL, Javascript, bash
• Expertise with Cloud Infrastructure in AWS and GCP
• Knowledge of containerization, orchestration, and cloud scale solutions
• Experience with CICD within the SDLC process
• Expertise with Slack, Apple MacOS and GSuite
• Familiarity with CVSS, EPSS, threat intelligence, risk analysis, and threat modeling
• Familiarity with blockchain/web3 development preferred
• Enthusiasm for automation and scalable reproducible security practices
• Self-motivated and creative problem-solver
• Ability to manage multiple competing priorities and use good judgment to establish order
• Ability to influence and resolve issues to achieve objectives
• Design and operate easy-to-test and audit controls
• Advanced degree in computer science or related fields preferred
• Strong collaborative skills in high-stress situations
• Understanding of ISO 27001/27002 and NIST Cybersecurity Framework desirable
• 8+ years in cybersecurity with 2+ years as a principal engineer
• Amazon certifications for Solutions Architect, Devops Engineer, and/or Security preferred
• CISSP, CCSP, and/or CEH certifications a plus

Desirables

• Collaborative in high-stress situations
• Experience with blockchain/web3 development
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Ethical Hacker (CEH)

What the job involves

• Test web applications and underlying systems for vulnerabilities using both tools and manual techniques
• Manage the remediation of findings through resolution
• Recommend code changes to eliminate vulnerabilities
• Automate security tests within the CI/CD pipeline
• Research vulnerabilities specific to the financial industry & blockchain technologies and incorporate this knowledge in Circle’s security practices
• Serve as an escalation point to investigate threats and identify vulnerabilities
• Investigate vulnerability reports related to Circle products and systems
• Influence the continuous improvement of the Threat and Vulnerability Management program
• Support other security team projects such as threat modeling, vulnerability scanning, and audits.