Staff Platform Security Engineer

Job description

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

The Department: Platform Security

The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Staff Platform Security Engineer (Cloud/K8S)

The Platform Security team builds and delivers zero-trust foundations and paved paths so every Gemini team can ship safely on supported cloud platforms. As a Staff Cloud and Kubernetes Security Engineer, you will build security services, tools, and automation while hardening our cloud environments (primarily AWS), securing container orchestration platforms, and implementing infrastructure-as-code security guardrails. This is a hands-on engineering role where you’ll write production code daily, not just infrastructure-as-code.

You’ll design and build security platforms that scale across our engineering organization. This role requires deep technical expertise in cloud security, strong Terraform proficiency, and strong software development skills to build production services. You will partner closely with engineering teams to enable rapid, secure delivery while maintaining zero standing privilege and least-privilege access models.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

• Build and maintain security services, tools, and automation using Python or Go
• Design and implement security controls for AWS and Kubernetes environments using infrastructure-as-code
• Create reusable libraries, frameworks, and platforms that enable secure-by-default patterns
• Develop automated security monitoring, scanning, and remediation services
• Build CI/CD security gates and policy-as-code validation tools
• Partner with engineering teams on architecture decisions and provide security consultation
• Participate in on-call rotation for critical security incidents and infrastructure issues

Minimum Qualifications:

• Strong software development skills in Python or Go with experience building production services
• Strong experience securing AWS environments including IAM, VPC, KMS, and native security services
• Deep Terraform expertise including module development, CI/CD gates, policy testing, remote state management, and zero-downtime deployments
• Proven expertise with Kubernetes security including admission controls, RBAC, network policies, and runtime protection
• Experience with distributed systems, cloud-native architectures, and SRE principles
• Demonstrated ability to build, deploy, and maintain security tools and services in production

Preferred Qualifications:

• Experience with GCP security services and multi-cloud environments including Azure
• Knowledge of policy-as-code tools such as Open Policy Agent, Sentinel, or similar
• Experience with container security scanning, image signing, and supply chain security
• Background in incident response for cloud and container environments
• Experience with service mesh technologies and zero-trust networking
• Contributions to open source security tools or cloud security communities

It Pays to Work Here

The compensation & benefits package for this role includes:

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-ES1