Nifty Gateway Studio
Staff Platform Security Engineer (Cloud/K8S)
Nifty Gateway Studio, San Francisco, California, United States, 94199
Overview
Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014. Gemini offers secure and reliable crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future.
Location New York, New York or San Francisco, California. Remote work is available for candidates who do not live near a hub.
Role: Staff Platform Security Engineer (Cloud/K8S) The Platform Security team builds and delivers zero‑trust foundations to enable safe delivery on supported cloud platforms. As a Staff Cloud & Kubernetes Security Engineer, you will build security services, tools, and automation while hardening our cloud environments (primarily AWS), securing container orchestration platforms, and implementing IaC security guardrails.
Responsibilities
Build and maintain security services, tools, and automation using Python or Go.
Design and implement security controls for AWS and Kubernetes environments using infrastructure‑as‑code.
Create reusable libraries, frameworks, and platforms that enable secure‑by‑default patterns.
Develop automated security monitoring, scanning, and remediation services.
Build CI/CD security gates and policy‑as‑code validation tools.
Partner with engineering teams on architecture decisions and provide security consultation.
Participate in on‑call rotation for critical security incidents and infrastructure issues.
Minimum Qualifications
Strong software development skills in Python or Go with experience building production services.
Extensive experience securing AWS environments including IAM, VPC, KMS, and native security services.
Deep Terraform expertise—including module development, CI/CD gates, policy testing, remote state management, and zero‑downtime deployments.
Proven expertise with Kubernetes security (admission controls, RBAC, network policies, runtime protection).
Experience with distributed systems, cloud‑native architectures, and SRE principles.
Demonstrated ability to build, deploy, and maintain security tools and services in production.
Preferred Qualifications
Experience with GCP security services and multi‑cloud environments such as Azure.
Knowledge of policy‑as‑code tools such as Open Policy Agent, Sentinel, or similar.
Experience with container security scanning, image signing, and supply chain security.
Background in incident response for cloud and container environments.
Experience with service mesh technologies and zero‑trust networking.
Contributions to open source security tools or cloud security communities.
Benefits
Competitive starting salary.
A discretionary annual bonus.
Long‑term incentive in the form of a new hire equity grant.
Comprehensive health plans.
401(k) with company matching.
Paid parental leave.
Flexible time off.
Compensation The base salary range for this role is $168,000 – $240,000 in New York, California, and Washington. This range does not include discretionary bonus or equity.
Work Arrangement This role requires presence twice a week at either the San Francisco, CA or New York City, NY office. Hybrid work is available for candidates who do not live near a hub.
Equal Employment Opportunity At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
#J-18808-Ljbffr
Location New York, New York or San Francisco, California. Remote work is available for candidates who do not live near a hub.
Role: Staff Platform Security Engineer (Cloud/K8S) The Platform Security team builds and delivers zero‑trust foundations to enable safe delivery on supported cloud platforms. As a Staff Cloud & Kubernetes Security Engineer, you will build security services, tools, and automation while hardening our cloud environments (primarily AWS), securing container orchestration platforms, and implementing IaC security guardrails.
Responsibilities
Build and maintain security services, tools, and automation using Python or Go.
Design and implement security controls for AWS and Kubernetes environments using infrastructure‑as‑code.
Create reusable libraries, frameworks, and platforms that enable secure‑by‑default patterns.
Develop automated security monitoring, scanning, and remediation services.
Build CI/CD security gates and policy‑as‑code validation tools.
Partner with engineering teams on architecture decisions and provide security consultation.
Participate in on‑call rotation for critical security incidents and infrastructure issues.
Minimum Qualifications
Strong software development skills in Python or Go with experience building production services.
Extensive experience securing AWS environments including IAM, VPC, KMS, and native security services.
Deep Terraform expertise—including module development, CI/CD gates, policy testing, remote state management, and zero‑downtime deployments.
Proven expertise with Kubernetes security (admission controls, RBAC, network policies, runtime protection).
Experience with distributed systems, cloud‑native architectures, and SRE principles.
Demonstrated ability to build, deploy, and maintain security tools and services in production.
Preferred Qualifications
Experience with GCP security services and multi‑cloud environments such as Azure.
Knowledge of policy‑as‑code tools such as Open Policy Agent, Sentinel, or similar.
Experience with container security scanning, image signing, and supply chain security.
Background in incident response for cloud and container environments.
Experience with service mesh technologies and zero‑trust networking.
Contributions to open source security tools or cloud security communities.
Benefits
Competitive starting salary.
A discretionary annual bonus.
Long‑term incentive in the form of a new hire equity grant.
Comprehensive health plans.
401(k) with company matching.
Paid parental leave.
Flexible time off.
Compensation The base salary range for this role is $168,000 – $240,000 in New York, California, and Washington. This range does not include discretionary bonus or equity.
Work Arrangement This role requires presence twice a week at either the San Francisco, CA or New York City, NY office. Hybrid work is available for candidates who do not live near a hub.
Equal Employment Opportunity At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
#J-18808-Ljbffr