Note: The job is a remote job and is open to candidates in USA. Gemini is a global crypto and Web3 platform offering secure crypto products and services. As a Senior Application Security Engineer, you will collaborate with teams to design and build secure products, ensuring security is integrated throughout the development process.
Responsibilities
- Lead secure design reviews, threat modeling, code review, and penetration testing for high-risk products such as crypto custody, trading systems, and payments
- Build and ship code: design and build AppSec tooling including AI agents for secure design and code review, AI-enhanced SAST/DAST pipelines, and automation that eliminates repeatable security toil
- Partner with engineering teams to remediate vulnerabilities and drive long-term improvements in secure coding practices
Skills
- 5+ years of experience in application security or similar roles
- Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
- Experience building or meaningfully contributing to security tooling and automation
- Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
- Some background in development or scripting experience (Python, Scala, C++, or JavaScript) with the ability to read and write code
- Strong communication skills to influence without authority and the ability to collaborate on a cross-functional team with competing priorities
- Experience building AI application security tooling using agents or skills
- Experience with supply chain security, common frameworks (SLSA, OWASP SPVS) and other CI/CD security controls
- Familiarity with highly regulated environments (financial services, fintech, crypto, or equivalent) and ability to understand business objectives, business context, and security risk
- Experience with preventing application security vulnerabilities at scale through secure design patterns, automated tooling, or frameworks
- Experience with microservice architectures and cloud-native environments
Benefits
- A discretionary annual bonus
- Long-term incentive in the form of a new hire equity grant
- Comprehensive health plans
- 401K with company matching
- Paid Parental Leave
- Flexible time off
- In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.
Company Overview
Company H1B Sponsorship