• Progettazione e dimensionamento di sistemi di security • Redazione di relazioni tecniche e capitolati speciali d’appalto • Sviluppo di schemi funzionali e layout impiantistici • Verifica della conformità normativa (CEI 79-3, EN 50131, EN 62676, CEI EN 60839, GDPR) • Coordinamento con le discipline progettuali e supporto alla Direzione Lavori

Circle (NYSE: CRCL) is one of the world's leading internet financial platform companies, building the foundation of a more open, global economy through digital assets, payment applications, and programmable blockchain infrastructure. Circle's platform includes the world's largest regulated stablecoin network anchored by USDC, Circle Payments Network for global money movement, and Arc, an enterprise-grade blockchain designed to become the Economic OS for the internet. Enterprises, financial institutions, and developers use Circle to power trusted, internet-scale financial innovation. Learn more at circle.com . What you'll be part of: Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values : High Integrity, Future Forward, Multistakeholder, Mindful, and Driven by Excellence. We have built a flexible work environment where new ideas are encouraged and everyone is a stakeholder. What you'll be responsible for: The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. As a member of this team, you'll lead projects and be responsible for key deliverables of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment. This role sits at the intersection of three of Circle's highest-stakes threat surfaces: our blockchain and custody environments (USDC issuance, Arc, on-chain monitoring), our cloud-native infrastructure (AWS + EKS), and the AI tooling Circle adopts internally and ships in product. You'll build detection coverage and response capability across all three; not as a generalist, but as a Principal who can go deep on each. Also note that this position will require you to perform on-call duties mainly during working hours to support security operations, and you will assist the team with the occasional night time and weekend incident. We would also like someone with a strong response background and some exposure to insider risk. What you'll work on: - Proactively identify and respond to emerging security threats across cloud, endpoint, blockchain, and AI surfaces. - Build detection and response capability for blockchain and crypto-native threats: on-chain anomalies, custody-vault interactions, wallet abuse, smart contract exploitation, and protocol-level attackers targeting USDC and Circle's blockchain products. - Develop detection coverage for cloud-native attacks across AWS + EKS: IAM compromise, identity federation abuse, lateral movement in containerized workloads, runtime exploitation, and misconfiguration drift. - Extend detection for AI-specific risks: shadow AI adoption, unauthorized AI integrations, agentic workflows and MCP/tool abuse, and AI-driven credential exposure. - Advance deployment of AI to the SOC function including detection triage, enrichment, and analyst-acceleration workflows. - Develop plans to manage and maintain core tooling, such as SIEM and Orchestration platforms. - Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection. - Lead and respond to incidents and collaborate across teams to investigate and resolve. - Develop detection techniques to identify anomalous behaviors and attacks across the environment. - Provide security guidance to various organizations throughout the company. - Support broader security team projects such as threat modeling, vulnerability scanning, audits, and custom tool building. - Take on-call shifts (every 3rd week and occasional weekend). What you'll bring to Circle: - Strong ability to work collaboratively across teams during high-stress situations, which sometimes involves after hours work. - Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly. - Self-motivated and creative problem-solver able to work independently with minimal guidance. - Experience/familiarity with Slack, Apple macOS, and GSuite. We're looking for strong, impactful work experience, which typically includes: - 10+ years of experience in detection, response, or security engineering. - 3+ years of experience commanding security incidents, especially those involving engineering. - Deep cloud security knowledge in AWS environments: IAM, identity federation, KMS, EKS/container attack patterns, runtime exploitation, and CSPM tooling (e.g., Wiz). Some exposure to GCP or OCI is preferred. - Working knowledge of blockchain and crypto-native threats: wallet and custody attack patterns, on-chain monitoring, protocol-level risks, and smart contract abuse. Direct experience defending blockchain, custody, or DeFi infrastructure is strongly preferred. - Hands-on experience using AI tooling both to accelerate work and to address threats, coupled with a strong understanding of the organizational risks AI introduces shadow AI, agentic workflows, MCP/tool integrations, and strategies to defend against them. - Extensive knowledge of SIEM, Case Management, and SOAR solutions (e.g., Panther, Tines). - Knowledge of operating systems, file systems, and memory on macOS. - Programming experience in Python, Golang, or similar programming languages. - Experience with building Detections As Code. You are the right person if you: - View Security Detection & Response as a data and engineering problem. - Exude positivity. - Aren't afraid to share your ideas. - Meet problems head-on and view them as opportunities. - Are self-reliant and motivated. - Communicate fearlessly. Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages. Starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations. Base Pay Range: €110,000.00 - €170,000.00 We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status, or any other protected status required by the laws in the locations where we hire. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law. Should you require accommodations or assistance in our interview process because of a disability, please reach out to accommodations@circle.com for support. We respect your privacy and will connect with you separately from our interview process to accommodate your needs. #LI-Remote

• Continuously monitor Claude and ChatGPT product roadmaps, release notes, and vendor communications to anticipate platform changes before they land • Translate upcoming features into proactive configuration, policy, and enablement decisions not reactive scrambles • Maintain active relationships with Anthropic and OpenAI account teams; flag ToS updates, data processing agreement changes, and acceptable use policy shifts before they become surprises • Provide expert-level administration of AI console environments across both platforms • Manage Claude and ChatGPT organizational settings files using Git, version-controlled, reviewed, and deployed like the infrastructure they are • Own API key lifecycle management and secrets hygiene for all AI integrations • Manage SSO/SCIM provisioning for AI platforms; ensure access is tight, auditable, and clean • Develop token tracking and financial dashboards so leadership actually knows what AI costs us by team, by use case, by month • Build anomaly detection on AI spend; if something spikes, you catch it before accounting does • Produce regular usage trend reports and ROI framing for leadership that goes beyond "we use AI a lot" • Build and maintain internal MCP servers that extend AI capabilities into our workflows securely • Be the in-house subject matter expert on agentic AI builds such as architecture, risk, failure modes, and the parts that go sideways in ways no one anticipated • Write code. Python and/or TypeScript. AI-augmented is fine (encouraged, even), but you need to own what ships • Identify and mitigate prompt injection risks in internal AI-powered tools • Ensure no sensitive or regulated data (PII, PCI, PHI) flows into AI prompts. Architect the guardrails, not just the policy • Maintain awareness of AI-specific incident response options; when something goes wrong with an AI integration, you're in the room • Serve as IT Engineering's primary liaison to the AI Adoption Committee bringing operational grounding to adoption decisions • Participate actively in the AI Working Group; connect platform capabilities to how the company actually uses them • Partner closely with the Governance & Trust team, who leads AI policy and governance. Your job is to be their technical counterpart by implementing, informing, and flagging issues, not owning the policy itself

• Serve as a trusted vCISO advisor to client organizations, providing strategic cybersecurity leadership and program guidance. • Lead cybersecurity maturity, gap, and risk assessments against frameworks including CMMC, NIST CSF, CIS Controls, HIPAA, ISO/IEC 27001, and related standards. • Develop and enhance client security programs, policies, procedures, governance processes, and risk management practices. • Conduct CMMC readiness assessments, scoping activities, SSP reviews, POA&M development, and remediation planning. • Present findings and recommendations to executive leadership, boards, and technical teams. • Support clients through compliance initiatives and continuous security improvement efforts.