Lead Security Engineer Detection & Response (Data Platform)

• Own the architecture design and evolution of Circle's security data platform ensuring scalable ingestion normalization enrichment and delivery of telemetry across a growing and complex set of internal and external data sources.
• Design and implement ETL/ELT pipelines for high-volume security data to support reliable detection investigation and response workflows.
• Build and maintain streaming and batch data pipelines to enable real-time detection and retrospective security analysis.
• Define and enforce data standards schemas and normalization frameworks to ensure consistent and high-quality telemetry across systems.
• Evaluate and optimize log ingestion parsing and preprocessing pipelines to improve performance and downstream usability in SIEM and analytics platforms.
• Act as a senior member of the Detection & Response function participating in incident response investigation and resolution of security events.
• Develop and enhance detections playbooks and response workflows leveraging high-quality telemetry and automation.
• Identify gaps in visibility during incidents and drive systemic improvements in logging data ingestion and detection coverage.
• Provide strategic direction and roadmap for the evolution of security data architecture and detection capabilities as the business scales.
• Take on-call shifts (every 3rd week and occasional weekend).

• Strong ability to work collaboratively across teams during high-stress situations which sometimes involves after hours work.
• Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
• Self-motivated and creative problem-solver able to work independently with minimal guidance.
• Strong communication skills with the ability to translate complex technical concepts into clear recommendations.

• 8 - 10+ years of experience in security engineering detection & response or data engineering.
• Proven experience designing and operating large-scale data pipelines (ETL/ELT) in cloud environments.
• Experience building or owning security data platforms or high-volume log ingestion pipelines.
• Hands-on experience with cloud-native data services (AWS preferred: S3 Glue Athena MSK/Kafka etc.).
• Strong understanding of streaming architectures (Kafka Kinesis Pub/Sub or equivalent).
• Experience handling high-volume security telemetry (endpoint identity network SaaS and cloud logs).
• Expertise in data normalization schema design and event modeling for security use cases.
• Strong programming skills in Python and SQL (or similar languages).
• Experience working with SIEM SOAR and analytics platforms.
• Experience with incident response threat detection and security investigations.
• Experience in AWS + EKS environments required; exposure to GCP or OCI is a plus.
• Experience leveraging AI/ML tooling for detection automation or analytics is a plus.
• Experience with building Detections As Code.
• Professional or hobbyist blockchain exposure is preferred.

• View security as a data and engineering problem first.
• Are comfortable operating across both hands-on incident response and long-term architecture design.
• Can identify gaps in telemetry and design scalable solutions to close them.
• Use real-world incidents to drive systemic improvements in detection and data quality.
• Think in terms of systems pipelines and long-term strategy not just alerts.
• Are self-reliant curious and proactive in solving complex problems.
• Communicate clearly and collaborate effectively across teams.

What We Do

Circle (NYSE: CRCL) is a global internet financial platform company powering the foundation of an open borderless and programmable economy. Circle connects financial institutions enterprises and developers to the next generation of the internet financial system through digital assets such as USDC Circle Payments Network for global money movement and Arc an enterprise-grade blockchain designed to become the Economic OS for the internet. Supporting trillions of dollars in economic activity and serving hundreds of millions of users worldwide Circle enables value to move with the speed security and transparency of the internet. Circle is committed to visibility and stability in everything we do. As we grow as an organization we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: High Integrity Future Forward Multistakeholder Mindful and Driven by Excellence. We have built a flexible work environment where new ideas are encouraged and everyone is a stakeholder.

Why Work With Us

Our employees are treated as people first with a real purpose for being here. Circle has created an environment where people can thrive grow be challenged and constantly build on their career. It's this same environment that draws competitive strength from within our employee base.

Gallery