Senior Platform Security Engineer

<p><strong>About the Company</strong></p> <p>Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.</p> <p><span style="font-weight: 400;"><strong>The Department: Platform Security</strong></span></p> <p>The Platform Security team secures Gemini's infrastructure through service hardening and&nbsp;by developing and supporting a suite of foundational tools. We provide secure-by-default&nbsp;infrastructure, consumable security services, and expert consultation to engineering teams&nbsp;for secure cloud and non-cloud infrastructure.</p> <p><span style="font-weight: 400;"><strong>The Role: Senior Platform Security Engineer</strong></span></p> <p>The Platform Security team secures Gemini's infrastructure through service hardening and&nbsp;by developing and supporting a suite of foundational tools. As a Senior Platform Security&nbsp;Engineer, you will build and maintain security controls across diverse environments—from&nbsp;hardening cloud and container orchestration systems to enhancing our non-cloud&nbsp;infrastructure. This is a hands-on engineering role where you'll write production code daily,&nbsp;not just configuration.</p> <p>You'll own security initiatives from design through production operations. This role requires strong software development skills, practical experience with AWS and Kubernetes security, and the ability to partner with engineering teams to enable secure delivery. You will also apply expertise in critical neighboring areas, including PKI, core cryptography, identity management, and network security, to ensure comprehensive protection across the stack.</p> <p><span style="font-weight: 400;"><em>This role is required to be in person twice a week at our New York City, NY office.</em></span></p> <p><span style="font-weight: 400;"><strong>Responsibilities:</strong></span></p> <ul> <li style="font-weight: 400;">Build and maintain security controls for AWS and Kubernetes (EKS) environments,&nbsp;including guardrails, container security scanning, and infrastructure-as-code&nbsp;(Terraform) security</li> <li style="font-weight: 400;">Support IAM initiatives by helping to design and maintain access controls, role-based access control (RBAC) models, and identity governance workflows</li> <li style="font-weight: 400;">Design, deploy, and maintain internal security services and platforms that other engineering teams rely on</li> <li style="font-weight: 400;">Act as a security partner to engineering teams, helping them make secure architecture decisions without blocking innovation</li> <li style="font-weight: 400;">Work across functions—partnering with AppSec, Threat Detection, and GRC—to identify and reduce risk across the entire stack</li> <li style="font-weight: 400;">Participate in on-call rotation for platform security incidents</li> </ul> <p><strong>Minimum Qualifications:</strong></p> <ul> <li style="font-weight: 400;">5+ years of experience in Information Security, SRE, or Systems Engineering</li> <li style="font-weight: 400;">Strong software development skills in Python or Go with experience building production services</li> <li style="font-weight: 400;">Solid experience with AWS (or similar cloud providers), including familiarity with IAM roles, VPCs, and native security controls</li> <li style="font-weight: 400;">Hands-on experience with Kubernetes/EKS and containerization concepts, including pod security policies and container lifecycle</li> <li style="font-weight: 400;">Understanding of IAM principles, RBAC, and least-privilege access models</li> <li style="font-weight: 400;">Proficiency in Terraform for infrastructure-as-code</li> <li style="font-weight: 400;">Ability to self-scope and execute technical goals with minimal supervision</li> </ul> <p><strong>Preferred Qualifications:</strong></p> <ul> <li>Experience with identity providers (IdP) like Okta and standards like SAML/OIDC</li> <li>Experience writing Policy-as-Code (e.g., Open Policy Agent/Rego)</li> <li>Background in Linux systems engineering or network security</li> <li>Experience building and operating high-availability critical systems</li> </ul> <div class="p-rich_text_section"><strong data-stringify-type="bold">It Pays to Work Here</strong></div> <div class="p-rich_text_section">&nbsp;</div> <div class="p-rich_text_section">The compensation &amp; benefits package for this role includes:</div> <ul class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="0" data-border="0"> <li data-stringify-indent="0" data-stringify-border="0">Competitive starting pay</li> <li data-stringify-indent="0" data-stringify-border="0">A discretionary annual bonus</li> <li data-stringify-indent="0" data-stringify-border="0">Long-term incentive in the form of a new hire equity grant</li> <li data-stringify-indent="0" data-stringify-border="0">Comprehensive health plans</li> <li data-stringify-indent="0" data-stringify-border="0">401K with company matching</li> <li data-stringify-indent="0" data-stringify-border="0">Paid Parental Leave</li> <li data-stringify-indent="0" data-stringify-border="0">Flexible time off</li> </ul> <p><strong>Salary Range</strong>: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.</p> <p><em>In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.</em></p> <p><em><span style="font-weight: 400;">At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.</span></em></p> <p><em><span style="font-weight: 400;">#LI-AA1</span></em></p>