Gemini is a global crypto and Web3 platform offering secure crypto products and services. As a Senior Application Security Engineer, you will collaborate with teams to design and build secure products, ensuring security is integrated throughout the development process.
Responsibilities:
- Lead secure design reviews, threat modeling, code review, and penetration testing for high-risk products such as crypto custody, trading systems, and payments
- Build and ship code: design and build AppSec tooling including AI agents for secure design and code review, AI-enhanced SAST/DAST pipelines, and automation that eliminates repeatable security toil
- Partner with engineering teams to remediate vulnerabilities and drive long-term improvements in secure coding practices
Requirements:
- 5+ years of experience in application security or similar roles
- Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
- Experience building or meaningfully contributing to security tooling and automation
- Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
- Some background in development or scripting experience (Python, Scala, C++, or JavaScript) with the ability to read and write code
- Strong communication skills to influence without authority and the ability to collaborate on a cross-functional team with competing priorities
- Experience building AI application security tooling using agents or skills
- Experience with supply chain security, common frameworks (SLSA, OWASP SPVS) and other CI/CD security controls
- Familiarity with highly regulated environments (financial services, fintech, crypto, or equivalent) and ability to understand business objectives, business context, and security risk
- Experience with preventing application security vulnerabilities at scale through secure design patterns, automated tooling, or frameworks
- Experience with microservice architectures and cloud-native environments