Staff Security Engineer, Nifty Gateway
Gemini (View all Jobs)
New York, New York; Portland, Oregon; Chicago, Illinois; Los Angeles, California; San Francisco, California; Remote
1. Phone chat 2. Take-home project 3. Discussion on-site. Questions on prior experiences and culture fit
Programming Languages Mentioned
Empower the Individual Through Crypto
Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto.
Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement.
At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.
Select roles that are location-specific will still be eligible for flexible schedules.
About Nifty Gateway
Nifty Gateway is the premiere, all-in-one platform that makes it easy to buy, sell, and store digital art and collectibles, otherwise known as Nifties (or NFTs). Nifty Gateway was founded by Duncan and Griffin Cock Foster in 2018, and acquired by Gemini in 2019, with the belief that crypto networks and the blockchain have the power to fundamentally change the art world by creating greater choice, independence, and opportunity for artists, creators, and collectors.
The Department: Information Security
In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini’s very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the crypto space. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported.
The Role: Staff Application Security Engineer
The Nifty Gateway Security team at Gemini ensures that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business. We aspire to establish a "paved road" for our engineers so that they can more-easily deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL).
Whether we're creating educational opportunities, tailoring secure-development technologies, advising on a new product design, or leading a detailed code review, the Nifty Gateway Security team is focused on supporting our engineers as early-and-often as possible so that security "first principles" are integrated and verified at every stage of the development lifecycle. Success for our team is measured through a maturity model, tracking our growth as a program with capabilities that increase engineer velocity and ever-improving security.
- Support engineers across the SDL, including design reviews, threat modeling, and code audits
- Collaborate with engineering teams to educate and assist them in mitigating vulnerabilities applicable to Nifty Gateway’s platform.
- Design and review secure and scalable architecture to support security requirements of our engineers and an active and growing user base.
- Partner with third-party security firms to provide external validation of software development
- Provide subject matter expertise to business partners on vendor selection as necessary
- 5+ years of experience working in application security roles or performing similar job functions
- Enjoys working directly with software engineers, including in new languages and tool chains
- Prior leadership of security design reviews, threat modeling, and defining security requirements
- Awareness of numerous vulnerability classes, with knowledge of modern mitigation techniques
- Detail-oriented communication skills via email, pull requests, and/or in-person presentations
- Able to balance a software implementation's relative risk in context to defined business goals
- Creating and extending software for development tooling to improve security automation
- Have worked directly with enterprise Django, Python and/or React code bases
- Experience working in AWS environments
- Hands-on experience in multiple security disciplines such as application security, infrastructure security, and/or threat detection and response
- Experience with blockchain-based technologies and/or smart contracts
It Pays to Work Here
We take a holistic approach to compensation at Gemini, which includes:
- Competitive Compensation and Profit-Sharing Equity
- Flexible vacation policy
- Retirement Plan Matching
- Generous Parental leave
- Comprehensive health plans
- Training and professional development
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.
Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄