Circles is a global technology company reimagining the telco industry with its innovative SaaS platform. They are seeking a hands-on Lead Security Engineer to strengthen their security posture across applications, APIs, cloud infrastructure, and engineering platforms, partnering closely with Engineering, DevOps, and Product to embed security throughout the SDLC.
Responsibilities:
- Lead threat modeling (STRIDE, PASTA, or equivalent) for new applications, features, and major platform changes
- Conduct security architecture reviews for applications, APIs, cloud infrastructure, and third-party services before go-live
- Define secure design patterns and reference architectures; provide hands-on security guidance at every stage of the SDLC, not just at release gates
- Own the Application Security program end-to-end: SAST, DAST, SCA, and API security testing — tool selection, policy tuning, and triage workflows
- Integrate security testing natively into CI/CD pipelines and DevSecOps workflows so findings surface before merge, not after deploy
- Assess REST and GraphQL APIs against the OWASP API Security Top 10 (broken object/function-level authorization, excessive data exposure, rate limiting, business logic abuse)
- Partner with engineering leads to prioritize findings by exploitability and business impact, and drive remediation within agreed SLAs
- Plan and execute internal penetration tests across web applications, APIs, cloud, and infrastructure; scope and oversee external pen test engagements
- Manually validate findings to separate real risk from noise before they reach engineering backlogs
- Own the vulnerability management lifecycle — from discovery through remediation to verified closure — and continuously tighten SLAs as maturity improves
- Serve as a technical escalation point for security incidents; lead or support incident response — triage, containment, root cause analysis, and post-incident reviews
- Improve detection and response capability through SIEM/SOAR rule tuning, informed directly by incident and threat intelligence learnings
- Close the loop between offensive findings (pen test, threat model) and detective controls (SIEM/SOAR), so known risks are also monitored, not just documented
- Build automation in Python (or equivalent) for security scanning, findings de-duplication, ticketing, and reporting workflows
- Integrate security tooling across CI/CD and SOC operations to eliminate repetitive manual work and shorten detection-to-remediation time
- Treat automation as a core deliverable, not a side project — every recurring manual security task is a candidate for a pipeline
Requirements:
- 10-12 years of hands-on experience in Application Security and Security Engineering
- Demonstrated, hands-on strength in: Threat modeling and secure architecture review
- Demonstrated, hands-on strength in: Microservice architecture
- Demonstrated, hands-on strength in: Penetration testing[Web, API, Mobile] and vulnerability management
- Demonstrated, hands-on strength in: SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security
- Demonstrated, hands-on strength in: Software supply-chain security
- Demonstrated, hands-on strength in: SOC operations and incident response
- Demonstrated, hands-on strength in: DevSecOps and CI/CD security integration
- Demonstrated, hands-on strength in: Python (or equivalent) scripting for security automation
- Solid working knowledge of the OWASP Top 10, OWASP API Security Top 10, secure coding practices, and cloud security fundamentals
- Capability to identify AI-specific vulnerabilities such as prompt injection, data poisoning, system prompt leakage, and insecure output handling
- Ability to read and understand code to identify vulnerabilities; proficiency in Java or Go (Golang) is a strong plus
- Strong communicator, able to influence engineering teams on remediation priority and translate technical risk into terms executives act on
- Certifications: OSCP, OSWE, GWAPT, GPEN, CISSP, or equivalent
- Experience securing AWS, Azure, or GCP environments, and Kubernetes/container workloads
- Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, XSOAR, or similar)
- Familiarity with security maturity frameworks: OWASP SAMM, BSIMM, or NIST CSF
- Exposure to securing AI/LLM implementations