Senior Principal Security Engineer (Applied Cryptography and Authentication)
Company: Gemini
Gemini makes crypto simple. Find, trade, and buy over 80 coins including bitcoin on the best cryptocurrency platform.
Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. We offer a wide range of crypto products and services for individuals and institutions in over 70 countries.
At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.
The Department: Platform Security
The Role: Senior Principal Security Engineer (Applied Cryptography and Authentication)
The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. This role is critical to enhance the security of Gemini’s infrastructure through cryptographic expertise and the development of cutting-edge authentication mechanisms.
Responsibilities:
- Lead PKI Architecture and Engineering: Design, implement, and maintain a robust PKI infrastructure that supports the secure issuance, management, and revocation of digital certificates.
- Harden secrets management: Enhance the security posture of our secrets management platforms by implementing best practices and advanced cryptographic controls.
- Provide expertise in applied cryptography: Apply cryptographic principles to ensure the confidentiality, integrity, and authenticity of sensitive data at rest and in transit.
- Eliminate insecure authentication practices: Drive the removal of shared/static credentials and transition to a scalable, user-friendly multi-factor authentication (MFA) solution.
- Partner with engineering teams: Collaborate on security architecture and implementation decisions related to access management, cryptography, and infrastructure security.
- Contribute to security risk reduction: Work with AppSec, Threat Detection, Incident Response, GRC, and other security teams to identify, assess, and mitigate security risks.
Minimum Qualifications:
- 15+ years of experience in the field.
- Extensive experience in designing, deploying, and managing PKI systems, including certificate authorities, registration authorities, and certificate lifecycle management.
- Deep knowledge of identity and access management technologies, protocols, and standards including WebAuthn/FIDO2, OAuth2/OpenID Connect, passkeys, PKCS #11, SAML, SCIM, RADIUS, LDAP, and X.509.
- Significant experience with container orchestration technologies and relevant security considerations, particularly Kubernetes and EKS.
- Significant experience with distributed systems or cloud computing, particularly AWS.
- Significant software development experience, particularly in Python or Go.
- Experience building and owning high-availability critical systems or cloud-based services.
- Able to self-scope, define, and manage short and long-term technical goals.
Preferred Qualifications:
- Experience designing and implementing cryptographic infrastructure at scale such as PKI, secrets management, authentication, or secure data storage/transmission.
- Experience with configuration management and infrastructure as code, particularly Terraform.
- Experience with SPIFFE/SPIRE.
- Significant experience with Hashicorp Vault.
It Pays to Work Here
- Competitive starting salary
- A discretionary annual bonus
- Long-term incentive in the form of a new hire equity grant
- Comprehensive health plans
- 401K with company matching
- Paid Parental Leave
- Flexible time off
Salary Range: The base salary range for this role is between $248,000 - $310,000 in New York, California, and Washington. This range is not inclusive of our discretionary bonus or equity package.
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status.
#J-18808-Ljbffr