Circles logo
Circles

Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel. Operates three distinct businesses: Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, powered by Circles’ SaaS platform and pioneering go-to-market strategies. Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Jetpac: Specializing in travel tech solutions, providing seamless eSIM roaming for over 200 destinations. Backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI.

Lead Security Engineer

Location

United States

Posted

1 day ago

Salary

0

Seniority

Lead

Job Description

Lead Security Engineer

Circles

Role Description We're looking for a hands-on Lead Security Engineer to strengthen our security posture across applications, APIs, cloud infrastructure, and engineering platforms. This IC role owns secure architecture, application security, penetration testing, SOC incident response, and security automation — partnering closely with Engineering, DevOps, and Product to embed security throughout the SDLC rather than bolt it on at the end. Key Responsibilities - Secure Architecture & Threat Modeling - Lead threat modeling (STRIDE, PASTA, or equivalent) for new applications, features, and major platform changes. - Conduct security architecture reviews for applications, APIs, cloud infrastructure, and third-party services before go-live. - Define secure design patterns and reference architectures; provide hands-on security guidance at every stage of the SDLC, not just at release gates. - Application & API Security - Own the Application Security program end-to-end: SAST, DAST, SCA, and API security testing — tool selection, policy tuning, and triage workflows. - Integrate security testing natively into CI/CD pipelines and DevSecOps workflows so findings surface before merge, not after deploy. - Assess REST and GraphQL APIs against the OWASP API Security Top 10 (broken object/function-level authorization, excessive data exposure, rate limiting, business logic abuse). - Partner with engineering leads to prioritize findings by exploitability and business impact, and drive remediation within agreed SLAs. - Penetration Testing & Vulnerability Management - Plan and execute internal penetration tests across web applications, APIs, cloud, and infrastructure; scope and oversee external pen test engagements. - Manually validate findings to separate real risk from noise before they reach engineering backlogs. - Own the vulnerability management lifecycle — from discovery through remediation to verified closure — and continuously tighten SLAs as maturity improves. - SOC & Security Operations - Serve as a technical escalation point for security incidents; lead or support incident response — triage, containment, root cause analysis, and post-incident reviews. - Improve detection and response capability through SIEM/SOAR rule tuning, informed directly by incident and threat intelligence learnings. - Close the loop between offensive findings (pen test, threat model) and detective controls (SIEM/SOAR), so known risks are also monitored, not just documented. - Security Automation - Build automation in Python (or equivalent) for security scanning, findings de-duplication, ticketing, and reporting workflows. - Integrate security tooling across CI/CD and SOC operations to eliminate repetitive manual work and shorten detection-to-remediation time. - Treat automation as a core deliverable, not a side project — every recurring manual security task is a candidate for a pipeline. Qualifications - 10-12 years of hands-on experience in Application Security and Security Engineering. - Demonstrated, hands-on strength in: - Threat modeling and secure architecture review. - Microservice architecture. - Penetration testing [Web, API, Mobile] and vulnerability management. - SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security. - Software supply-chain security. - SOC operations and incident response. - DevSecOps and CI/CD security integration. - Python (or equivalent) scripting for security automation. - Solid working knowledge of the OWASP Top 10, OWASP API Security Top 10, secure coding practices, and cloud security fundamentals. - Capability to identify AI-specific vulnerabilities such as prompt injection, data poisoning, system prompt leakage, and insecure output handling. - Ability to read and understand code to identify vulnerabilities; proficiency in Java or Go (Golang) is a strong plus. - Strong communicator, able to influence engineering teams on remediation priority and translate technical risk into terms executives act on. Preferred Qualifications - Certifications: OSCP, OSWE, GWAPT, GPEN, CISSP, or equivalent. - Experience securing AWS, Azure, or GCP environments, and Kubernetes/container workloads. - Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, XSOAR, or similar). - Familiarity with security maturity frameworks: OWASP SAMM, BSIMM, or NIST CSF. - Exposure to securing AI/LLM implementations. Company Description Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. - Circles.Life : A wholly-owned digital lifestyle telco brand based in Singapore, powered by Circles’ SaaS platform and pioneering go-to-market strategies. - Circles Aspire : A global provider of Communications Platform-as-a-Service (CPaaS) solutions. - Jetpac : Specializing in travel tech solutions, providing seamless eSIM roaming for over 200 destinations.

Related Categories

Related Job Pages

More Security Engineer Jobs

Toyota Tsusho Europe logo

Cyber Data Security Specialist

Toyota Tsusho Europe

Conglomerate/trading house/Sogo Shosha of the Toyota Group

Full TimeRemoteTeam 1,001-5,000Since 1968H1B No Sponsor

• Install, maintain, and support anti-malware on all network storage devices – ensuring complete coverage in environment. Monitor/remediate malware alerts. Ensure alerts/logs are defined and are successfully sent to SIEM. • Check daily scheduled jobs and services for errors/issues. Open support cases with vendors, as needed. See remediation of issues to end. • Review event collection on all monitored devices to ensure complete coverage. Correct any issues to prevent event loss. • Monitor CVEs related to data security software and related to Windows/Linux OSes. Follow software vendor’s releases. Install updates and patches in a timely manner to ensure vulnerability gaps are closed. Implement other countermeasures where updates are not yet released for vulnerabilities. • Run projects to identify and remediate data that has excessive access permissions. • Collaborate with internal teams (such as server, storage, collaboration, active directory, business units, etc.) to accomplish project objectives and provide support/expertise on storage security. • Provide support to Collaboration team to place data classification labels on data. • Provide requested reports to users. Examples include, but not limited to: • Show all activity for user in provided timeframe. • Determine how files on a share\folder disappeared and who did it. • Provide a report of stale data. • Show where sensitive files exist with open permissions. • Display where files exist containing SSNs or Credit Card numbers. • Collaborate with and assist internal Cyber teams, such as Incident Detection, Incident Response, Investigation, and Data Loss Prevention on data security needs. • Use data security software to define alerts of anomalous activity and ensure alerts are sent to SIEM. • Perform health checks on servers, monitor resource usage, and proactively request additional resources to ensure optimal performance. • Work with Incident Detection, Incident Response, Investigation, and Data Loss Prevention teams – providing needed data out of data security tools. • Manage implementation of data security hardware/software at new sites from start to end, including submission of firewall rule modification request. • Manage and support host-based intrusion detection systems.

Texas
CSC logo

Cyber Security Analyst - Audit

CSC

CSC is a global leader in providing business, legal, tax, and digital brand services to companies around the world. With more than 8,000 employees, CSC operates in more than 140 jurisdictions, delivering solutions that help businesses thrive. We pride ourselves on our client-focused approach, market-leading expertise, and unmatched global reach.

Full TimeRemoteTeam 5,001-10,000Since 1899H1B Sponsor

Cyber Security Analyst – Audit Luxembourg OR Amsterdam, Netherlands Monday – Friday 8:00 am – 5:00 pm OR 9:00 am – 6:00 pm Hybrid We are seeking a Cybersecurity Analyst – Audit to support and enhance the organization’s security posture across multiple jurisdictions. This role is responsible for executing audit activities, strengthening compliance frameworks, and aligning security strategies across both legacy and modern technology environments. The candidate will work closely with audit partners and internal stakeholders to ensure adherence to audit and regulatory requirements and continuous improvement of security assurance practices. The ideal candidate has at least four years of experience in cybersecurity, IT audit, risk management, or compliance. This role ensures adherence to global regulatory standards (e.g., SOX, GDPR, ISO), evaluates control effectiveness, and serves as a primary liaison for auditors. The role requires strong risk assessment capabilities, proactive issue resolution, and a balanced focus on compliance and enterprise resilience in tandem with security leadership. Some of the things that you will be doing: - Partner with global teams across business operations, compliance, IT, and legal to manage technology risk and regulatory compliance. - Plan and execute internal, external, and jurisdictional audits in line with the audit roadmap. - Develop and enhance security policies, standards, procedures, and compliance frameworks. - Improve IT compliance processes and identify automation opportunities for control activities. - Design and execute control testing strategies and ensure proper evidence documentation. - Maintain and enhance control frameworks aligned with regulatory and industry standards. - Conduct IT risk assessments and track remediation of identified gaps. - Coordinate with auditors, regulators, and stakeholders during audit cycles. - Track and report compliance metrics and program effectiveness indicators. - Leverage GRC tools for audit management, evidence tracking, and reporting. - Identify risks and vulnerabilities and recommend mitigation strategies. - Manage third-party/vendor risk assessments and escalations. - Respond to regulatory and jurisdictional audit requests. - Provide actionable insights and reporting to security leadership. What technical skills, experience and qualifications do you need? - Bachelor’s degree in Computer Science, Information Technology, MIS, or related field (or equivalent experience). - 4+ years of experience in IT audit, risk management, or cybersecurity. - Strong knowledge of Global regulatory frameworks such as SOX, GDPR, ISO, DORA PCI, PSD2 and NIST. - Familiarity with audit standards and frameworks (SOC 1 & 2, ISO 27001, NIST, COSO, COBIT). - Understanding of cybersecurity threat landscape and control environments. - Knowledge of modern technologies including cloud, DevOps, application security, and AI. - Experience working with/ customizing GRC tools (e.g., Archer, OneTrust, AuditBoard, Diligent). - Strong analytical, communication, and problem-solving skills. - Proactive approach towards available work requests and timely response. - Ability to translate technical risks into business insights. - Hands-on experience in IT disciplines and audit execution. - Experience in global and multi-regulatory environments. - Ability to manage complex compliance requirements across jurisdictions. - Strong organizational and proactive risk management skills. - High integrity, accountability, and professional excellence. - CISSP, CISM, CRISC, CISA, CIA, or other relevant cybersecurity, audit, or risk certifications. #CSC #CSCCareers #LI-HL1 About Us CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.® Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other. CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued. CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging, CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC. We encourage candidates to apply directly to our website and not through third-party sources. Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications. About the Team At CSC®, we’re always looking ahead, finding ways to innovate, challenge the status quo, and anticipate the needs of our clients. We exceed expectations by adapting client ambitions and goals as our own. This Fierce Client Spirit has helped us adapt and create solutions that have enabled businesses to run smoother and smarter for more than 125 years. It’s also the reason we’re the trusted partner of many of the world’s most successful organizations. CSC is committed to attracting, developing, and retaining talented people whose values align with ours. We empower our colleagues to bring the right solutions to market to meet client demand. That’s why we are the leading provider of business administration and compliance solutions. - CSC is a great place to work with smart and dedicated people. - We have won several employer recognition awards, including Top Workplace USA, Great Places to Work India, and Built In’s Best Places to Work. - We offer fulfilling work and career opportunities. Most positions are filled with internal moves and employee referrals. - Employees are eligible for Success Sharing, bonuses, or commission plans based on role and individual performance. - CSC offers a competitive and comprehensive benefits package that includes annual leave, tuition reimbursement, referral bonuses, and more. - As business needs allow, CSC offers hybrid or remote work schedules in alignment with local regulations. Specific details for this position will be discussed during the interview process.

Luxembourg + 3 moreAll locations: Luxembourg | Ireland | United Kingdom | Netherlands
KBR, Inc. logo

IT Security Administrator

KBR, Inc.

We deliver science, technology and engineering solutions to governments and companies around the world.

Full TimeRemoteTeam 10,001+Since 1901H1B No Sponsor

• Administer KBR's Active Directory, Azure/Entra, and other information security systems • Ensure that security controls, procedures, and designs are in line with established information security standards • Process security requests to ensure proper approvals are documented • Collaborate with other teams to design and implement secure systems • Monitor queue to resolve and troubleshoot various system access issues • Identify and investigate security violations, determine causes, and execute corrective measures • Manage and monitor security events and incidents, provide incident response • Participate in security audits and assessments, provide support for corrective actions • Maintain knowledge of the latest security trends, threats, and vulnerabilities.

Australia
Hudson IT and Manpower logo

Security Software Engineer III

Hudson IT and Manpower

Information Technology and Manpower Services

Full TimeRemoteTeam 11-50Since 2019H1B No Sponsor

• Lead enterprise security infrastructure projects from planning through implementation • Coordinate security, infrastructure, engineering, and operations teams • Manage encryption and certificate lifecycle initiatives • Oversee enterprise key management implementations • Coordinate Public Key Infrastructure (PKI) activities • Ensure project delivery meets quality, schedule, and budget expectations • Identify technical risks and develop mitigation strategies • Communicate with executive sponsors and project stakeholders • Manage project documentation and reporting • Ensure compliance with enterprise governance standards • Coordinate vendor relationships when required • Support security audits and compliance initiatives • Resolve cross-project conflicts and resource constraints • Drive continuous improvement across security engineering processes • Mentor junior project managers and technical team members

Ohio
$50 - $53 / hour