Nifty Gateway Studio
Staff Platform Security Engineer (IAM)
Nifty Gateway Studio, San Francisco, California, United States, 94199
Staff Platform Security Engineer (IAM)
Join to apply for the
Staff Platform Security Engineer (IAM)
role at
Nifty Gateway Studio
Location:
New York, New York; San Francisco, California
About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.
Department Platform Security
Role The Platform Security team builds zero‑trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Staff IAM Security Engineer, you will build IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands‑on engineering role where you'll write production code daily, not just configuration. You'll own the full lifecycle of IAM solutions from design through production operations. This role requires strong software development skills, deep understanding of authentication protocols, and practical experience with PKI and secrets management. You'll partner with engineering teams to enable secure access patterns while maintaining usability.
NOTE: This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.
Responsibilities
Build and maintain IAM services and authentication systems using Python or Go
Design and implement workforce identity solutions with Okta and multi‑IdP architectures
Develop PKI infrastructure and certificate lifecycle management for service authentication
Create secrets management platforms with automated rotation and zero‑knowledge patterns
Build authorization services, access control systems, and policy engines
Partner with engineering teams on identity architecture and secure authentication patterns
Participate in on‑call rotation for platform security incidents
Minimum Qualifications
Strong software development skills in Python or Go with experience building production services
Deep knowledge of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn
Experience with PKI systems, certificate management, and applied cryptography
Experience with HashiCorp Vault or similar secrets management platforms
Proven expertise with AWS IAM, STS, and cloud identity services
Proficiency in Terraform for infrastructure‑as‑code
Experience building and operating high‑availability authentication services
Preferred Qualifications
Experience with Okta, Auth0, or similar enterprise IdP platforms
Knowledge of SPIFFE/SPIRE and workload identity systems
Background in zero‑trust architecture and BeyondCorp principles
Experience with hardware security modules (HSM) and key management systems
Contributions to identity or cryptography open source projects
It Pays to Work Here Compensation & Benefits Package
Competitive starting salary
A discretionary annual bonus
Long‑term incentive in the form of a new hire equity grant
Comprehensive health plans
401(k) with company matching
Paid parental leave
Flexible time off
Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California, and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.
In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in‑person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
#J-18808-Ljbffr
Staff Platform Security Engineer (IAM)
role at
Nifty Gateway Studio
Location:
New York, New York; San Francisco, California
About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.
Department Platform Security
Role The Platform Security team builds zero‑trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Staff IAM Security Engineer, you will build IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands‑on engineering role where you'll write production code daily, not just configuration. You'll own the full lifecycle of IAM solutions from design through production operations. This role requires strong software development skills, deep understanding of authentication protocols, and practical experience with PKI and secrets management. You'll partner with engineering teams to enable secure access patterns while maintaining usability.
NOTE: This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.
Responsibilities
Build and maintain IAM services and authentication systems using Python or Go
Design and implement workforce identity solutions with Okta and multi‑IdP architectures
Develop PKI infrastructure and certificate lifecycle management for service authentication
Create secrets management platforms with automated rotation and zero‑knowledge patterns
Build authorization services, access control systems, and policy engines
Partner with engineering teams on identity architecture and secure authentication patterns
Participate in on‑call rotation for platform security incidents
Minimum Qualifications
Strong software development skills in Python or Go with experience building production services
Deep knowledge of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn
Experience with PKI systems, certificate management, and applied cryptography
Experience with HashiCorp Vault or similar secrets management platforms
Proven expertise with AWS IAM, STS, and cloud identity services
Proficiency in Terraform for infrastructure‑as‑code
Experience building and operating high‑availability authentication services
Preferred Qualifications
Experience with Okta, Auth0, or similar enterprise IdP platforms
Knowledge of SPIFFE/SPIRE and workload identity systems
Background in zero‑trust architecture and BeyondCorp principles
Experience with hardware security modules (HSM) and key management systems
Contributions to identity or cryptography open source projects
It Pays to Work Here Compensation & Benefits Package
Competitive starting salary
A discretionary annual bonus
Long‑term incentive in the form of a new hire equity grant
Comprehensive health plans
401(k) with company matching
Paid parental leave
Flexible time off
Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California, and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.
In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in‑person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
#J-18808-Ljbffr