Staff Application Security Engineer at Gemini
Help Us Build the Future of Money
Gemini Trust Company, LLC (Gemini) is a licensed digital asset exchange and custodian. We built the Gemini platform so customers can buy, sell, and store digital assets (e.g., Bitcoin, Ethereum, and Zcash) in a regulated, secure, and compliant manner.
Digital assets and blockchain technology have the power to transform the world for good. This truth, along with our core values, forms the bedrock of our company and culture. At Gemini, no job is too small and no project too big as we endeavor to build the future of money. We are a mission-driven, team-based, inclusive, and determined community of thought leaders who invest in each other and the long game. Join us in our mission!
At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.
Select roles that are location-specific will still be eligible for flexible schedules.
The Department: Information Security
In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini’s very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the crypto space. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported.
The Role: Staff Application Security Engineer
The Application Security team at Gemini ensures that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business. We aspire to establish a "paved road" for our engineers so that they can more easily deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL). The Application Security team considers how we’re balancing friction with security value, fighting back “security theater” by using our expertise with an empathetic, customer-service approach.
Whether we're creating educational opportunities, tailoring secure-development technologies, advising on a new product design, or leading a detailed code review, the Application Security team is focused on supporting our engineers as early and often as possible so that security "first principles" are integrated and verified at every stage of the development lifecycle. Success for our team is measured through a maturity model, tracking our growth as a program with capabilities that increase engineer velocity and ever-improving security.
- Support engineers across the SDL, including design reviews, threat modeling, and code audits
- Deliver automation for high-signal, low-noise security tooling to increase code base coverage
- Collaborate with product and engineering on architecting resilient, security-first services
- Build and deliver educational content to our engineers including hands-on training courses
- Partner with third-party security firms to provide external validation of software development
- Provide subject matter expertise to business partners on vendor selection as necessary
- 5+ years of experience working in application security roles or performing similar job functions
- Enjoys working directly with software engineers, including in new languages and tool chains
- Prior leadership of security design reviews, threat modeling, and defining security requirements
- Awareness of numerous vulnerability classes, with knowledge of modern mitigation techniques
- Detail-oriented communication skills via email, pull requests, and/or in-person presentations
- Able to balance a software implementation's relative risk in context to defined business goals
- Creating and extending software for development tooling to improve security automation
- Have worked directly with enterprise Scala and/or C++ code bases
- Experience exploiting and securing modern web applications
- Experience working with low-level cryptographic implementations/primitives
- Experience with blockchain-based technologies and/or smart contracts
It Pays to Work Here
We take a holistic approach to compensation at Gemini, which includes:
- Competitive base salaries across all departments
- Ownership in the company via profit sharing units
- Amazing benefits, 401k match contribution, and flexible hours
- Snacks, Perks, Wellness Outings & Events
Gemini is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know.