Manager, Threat & Vulnerability Management


Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currency and public blockchains for payments, commerce and financial applications worldwide. Circle platforms and products provide a suite of internet-native financial services for payments, treasury infrastructure and capital formation. Circle is also a principal developer of USD Coin (USDC), which has become the fastest growing dollar digital currency in the world. USDC has grown to over 44+ billion in circulation and supported over $1.7+ trillion in transactions in the past year. Circle’s payments and treasury infrastructure services available through the Circle Account and APIs helps bridge the legacy financial system and digital currency and blockchain based finance. Combined, Circle’s suite of services helps companies to participate in a more open, global and inclusive financial system.

What you’ll be part of:

With the mission “To raise global economic prosperity through the frictionless exchange of value,” Circle was founded on the belief that the internet, blockchains and digital currency will rewire the global economic system, creating a fundamentally more open, inclusive, efficient and integrated world economy.  We envision a global economy where people and businesses everywhere can more freely connect and transact with each other with new technologies for digital money and internet-native finance. We believe such a system can raise prosperity for people and companies everywhere. Our mission is powered by the values we espouse and which we expect all Circlers to respect. We are Multistakeholder, serving the needs of our customers, our shareholders, our employees and families, our local communities and our world. Furthermore, we are also Mindful, Driven by Excellence, and High Integrity.

What you’ll be responsible for:

 In 2020, Circle unveiled Circle APIs: a set of solutions and smarter technology to help businesses accept payments in a more global, scalable and efficient alternative to traditional banking rails (spoiler: we’re using USD Coin under the hood). Over the next 12 months, we’re going to rapidly grow our API customer base and enable even more businesses to easily integrate and benefit from the breakthrough of programmable money on the internet. The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely.  The security team leads the company’s programs for information security and cybersecurity, business continuity, and vendor risk management. As a leader within the Security organization, you’ll build and lead a team that is responsible for key areas of the security program while collaborating across Circle’s business functions.  You will continue to learn and stay current in a fun and rapidly changing environment.

What you'll work on:

  • The Vulnerability Manager is responsible for the overall lifecycle of the Threat & Vulnerability Management program.
  • The successful Threat & Vulnerability Program Manager is the primary role to inform, advise, and partner with IT, Security, and other business units to help better secure their operations.
  • Identify gaps in current processes, workflows, and design and recommend changes or enhancements as needed.
  • Participate in Change Management Process, from early assessment of proposed changes/enhancements, through vulnerability scanning and recommended remediation before go-live.
  • Act as an advocate for security and the team in all tasks and engagements, not just vulnerability management specific.
  • A strong understanding of Windows, Mac, and Linux operating systems, endpoint applications, networking protocols, and devices.
  • Ability to influence business leader support to remediate vulnerabilities in accordance with defined timeframes to reduce the attack surface.
  • Participate in incident response activities as needed. 
  • Establish and mature cross-company processes around vulnerability management, including operating models, maturity models, SLAs/SLOs, discovery, and handling.
  • Maintain situational awareness around industry news on software vulnerabilities, including zero-day vulnerabilities and emergency patching
  • Implement and operationalize advanced Vulnerability Management reporting tools.
  • Design, develop and operationalize vulnerability management metrics.
  • Design and implement advanced vulnerability dashboards.
  • Performs other work-related duties as assigned.

You will aspire to our four core values:

  • Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families, and local communities.
  • Mindful - you seek to be respectful, an active listener and pay attention to detail.  
  • Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, you do not tolerate mediocrity, and you work intensely to achieve your goals. 
  • High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards.  You reject manipulation, dishonesty, and intolerance.

What you'll bring to Circle:

  • The global role is technical, and individuals must possess a solid understanding of cybersecurity and preferably have held positions in information security, security engineering, architecture, development, and/or systems administration.
  • 7+ years of relevant experience in Security or related field; with 3+ years of experience in vulnerability management is required.
  • 1+ years experience managing direct reports and building teams.
  • Experience stabilizing systems to run minimal application requirements, least privilege, and additional host hardening.
  • Understanding of Windows, Mac, and Linux operating systems, endpoint applications, networking protocols, and devices.
  • Experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
  • Experience conducting organization-wide vulnerability scanning and remediation processes.
  • Understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
  • Proven team building and team leadership experience.
  • Strong ability to work collaboratively across teams with quickly changing priorities.
  • Experience working in financial services or financial technology desired.
  • Bachelor's degree in information security, computer science, computer engineering, or a related field.
  • Software development skills in languages such as Python, Golang, or similar are highly desirable.
  • Proficiency in Google Suite, Slack, and Apple macOS preferred.

Additional Information:

  • This position is eligible for day-one PERM sponsorship for qualified candidates.

Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages.

The compensation range below is specific to Boston, MA. Actual starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.

Base Pay Range: $155,000 - $205,000

Annual Bonus Target: 15%

Also Included: Equity & Benefits (including medical, dental, vision and 401(k)). Circle has a discretionary vacation policy. We also provide 10 days of paid sick leave per year and 11 paid holidays per year in the U.S.

We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


We’re looking far and wide for the right people.

Circle is a remote-first company. We understand and value the work that can be done remotely. Through virtual-coffees, happy hours, trivia contests, and online meetups, we stay connected, learn from each other, and build lasting relationships with our colleagues. Post pandemic, we expect to meet one another in person for professional and social events; however, Circle will remain a remote-first company. As a global organization, we aim to find the best talent no matter where you are located, which is why we target a variety of cities across many time zones and continents. If you feel this job is right for you, select the city closest to you from the list below to apply.