Staff Security Engineer


CircleCI is looking for an experienced Security Engineer capable of advancing security across our entire platform–from our single-page web app to the containers in our build system. You will work closely with Software Engineering and SRE, embracing a "shift left" mentality to ensure that engineers own the security of their own code from design into production. You will also work with our 3rd-party partners to manage layers of production security and our ongoing penetration testing program.

We are proud to foster a workplace free from discrimination. We strongly believe that diversity of experience, perspectives, and background will lead to a better environment for our employees and a better product for our users.

About CircleCI

Velocity is critical for software teams in today's competitive landscape, but maintaining speed can be difficult as apps and systems grow larger and more complex. CircleCI’s platform allows developers to rapidly release code (for web and mobile apps) they trust by automating the build, test, and deploy process. CircleCI enables developers to detect and fix bugs before they even reach customers. Thousands of leading companies including Facebook, Kickstarter, Shyp and Spotify rely on CircleCI to accelerate delivery of their code and enable developers to focus on creating business value fast.

What will make you successful:

  • Deep understanding of the fundamentals of security at multiple layers of abstraction, from operating systems to applications
  • Collaborative approach to mentoring software engineers on the development of secure code
  • Ability to develop a comprehensive view of a complete software system and the core interactions within that system
  • Passion for modern software development and operation, including agile, CI/CD, and infrastructure-as-code
  • Experience with the specific security implications of operating in a cloud environment
  • Systematic problem solving approach, coupled with a strong sense of ownership and drive
  • Proficiency in one or more of: Clojure, Go, Java, C, C++
  • A strong desire for continuous improvement
  • 8+ years of experience in software, 2+ in security

What you will do:

  • Support and advise software engineering teams in the design of secure software
  • Work with 3rd-party partners to manage our ongoing penetration testing program
  • Recommend and deploy tooling to manage security in the delivery pipeline as well as production systems
  • Design and deliver shared libraries and services to support security requirements within our platform
  • Engage with large customers as needed to advise them on security practices when deploying our solutions
  • Diagnose and resolve security issues in conjunction with software engineering teams
  • Participate in defining security-related end user features in the CircleCI product

We care deeply about diversity and inclusivity. We’re hiring at all experience levels, and seek talented teammates from a wide variety of backgrounds and experiences who are equally committed to cultivating a work environment of respect and kindness. We carefully consider every applicant that takes the time to apply.

CircleCI is a Bay Area Best Places to Work 2016 award winner. Founded in 2011 and headquartered in beautiful downtown San Francisco with a global remote workforce, CircleCI is venture backed by Scale Venture Partners, DFJ, Baseline Ventures and Harrison Metal Capital.

If you’re interested in joining the team at CircleCI, please send a resumé and let us know why you’d be a great fit for our team. If you contribute to an open source project, write a blog, or have a presence on the web (Twitter, GitHub, LinkedIn, etc.) we would love to hear about it.

View this job on