Circle is one of the world’s leading internet financial platform companies, building the foundation of a more open, global economy through digital assets and payment applications. The Lead Security Engineer will be responsible for the architecture and evolution of Circle’s security data platform, ensuring effective detection and response outcomes through collaboration with various teams.
Responsibilities:
- Own the architecture, design, and evolution of Circle’s security data platform, ensuring scalable ingestion, normalization, enrichment, and delivery of telemetry across a growing and complex set of internal and external data sources
- Design and implement ETL/ELT pipelines for high-volume security data to support reliable detection, investigation, and response workflows
- Build and maintain streaming and batch data pipelines to enable real-time detection and retrospective security analysis
- Define and enforce data standards, schemas, and normalization frameworks to ensure consistent and high-quality telemetry across systems
- Evaluate and optimize log ingestion, parsing, and preprocessing pipelines to improve performance and downstream usability in SIEM and analytics platforms
- Act as a senior member of the Detection & Response function, participating in incident response, investigation, and resolution of security events
- Develop and enhance detections, playbooks, and response workflows, leveraging high-quality telemetry and automation
- Identify gaps in visibility during incidents and drive systemic improvements in logging, data ingestion, and detection coverage
- Provide strategic direction and roadmap for the evolution of security data architecture and detection capabilities as the business scales
- Take on-call shifts (every third week and occasional weekends)
Requirements:
- 8-10+ years of experience in security engineering, detection & response, or data engineering
- Proven experience designing and operating large-scale data pipelines (ETL/ELT) in cloud environments
- Experience building or owning security data platforms or high-volume log ingestion pipelines
- Hands-on experience with cloud-native data services (AWS preferred: S3, Glue, Athena, MSK/Kafka, etc.)
- Strong understanding of streaming architectures (Kafka, Kinesis, Pub/Sub, or equivalent)
- Experience handling high-volume security telemetry (endpoint, identity, network, SaaS, and cloud logs)
- Expertise in data normalization, schema design, and event modeling for security use cases
- Strong programming skills in Python and SQL (or similar languages)
- Experience working with SIEM, SOAR, and analytics platforms
- Experience with incident response, threat detection, and security investigations
- Experience in AWS + EKS environments required; exposure to GCP or OCI is a plus
- Experience leveraging AI/ML tooling for detection, automation, or analytics is a plus
- Experience building detections-as-code
- Professional or hobbyist blockchain exposure is preferred