Senior Application Security Engineer - Gemini

## About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

## Responsibilities: - Lead secure design reviews, threat modeling, code review, and penetration testing for high-risk products such as crypto custody, trading systems, and payments - Build and ship code: design and build AppSec tooling including AI agents for secure design and code review, AI-enhanced SAST/DAST pipelines, and automation that eliminates repeatable security toil - Partner with engineering teams to remediate vulnerabilities and drive long-term improvements in secure coding practices

## Minimum Qualifications: - 5+ years of experience in application security or similar roles - Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset - Experience building or meaningfully contributing to security tooling and automation - Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.) - Some background in development or scripting experience (Python, Scala, C++, or JavaScript) with the ability to read and write code - Strong communication skills to influence without authority and the ability to collaborate on a cross-functional team with competing priorities ## Preferred Qualifications: - Experience building AI application security tooling using agents or skills - Experience with supply chain security, common frameworks (SLSA, OWASP SPVS) and other CI/CD security controls - Familiarity with highly regulated environments (financial services, fintech, crypto, or equivalent) and ability to understand business objectives, business context, and security risk - Experience with preventing application security vulnerabilities at scale through secure design patterns, automated tooling, or frameworks - Experience with microservice architectures and cloud-native environments

## It Pays to Work Here The compensation & benefits package for this role includes: - Competitive starting pay - A discretionary annual bonus - Long-term incentive in the form of a new hire equity grant - Comprehensive health plans - 401K with company matching - Paid Parental Leave - Flexible time off ## Salary Range The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package.

Gemini is a cryptocurrency exchange and platform that enables users to buy, sell, and trade over 70 cryptocurrencies including Bitcoin and Solana. It serves as a trusted bridge between traditional finance and the cryptoeconomy, providing access for individuals and institutions to a decentralized future.