Principal Platform Security Engineer (IAM)

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

The Department: Platform Security

The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Principal Platform Security Engineer (IAM)

The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Principal IAM Security Engineer, you will architect enterprise identity platforms that define how Gemini manages authentication and authorization across all systems. You will set technical standards for IAM, design foundational identity services used organization-wide, and lead strategic initiatives that transform our security posture. This is a hands-on technical leadership role where you'll write production code daily while driving multi-quarter identity initiatives.

You'll own the technical vision for identity architecture, influence authentication practices across the organization, and build platforms that make zero-trust access patterns the default. This role requires exceptional software development skills, mastery of authentication protocols and applied cryptography, and proven ability to build IAM platforms that scale across hundreds of services and thousands of users.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

• Build enterprise IAM platforms that scale across the organization
• Set technical standards for authentication, authorization, and identity management
• Design foundational PKI infrastructure and secrets management platforms
• Lead strategic initiatives spanning workforce identity, workload authentication, and zero-trust access
• Drive adoption of modern authentication patterns and deprecation of legacy methods
• Mentor engineers across teams on identity architecture and cryptographic best practices
• Participate in on-call rotation for platform security incidents

Minimum Qualifications:

• Exceptional software development skills in Python or Go with proven track record of building IAM platforms
• Mastery of identity protocols including OAuth2, SAML, OpenID Connect, WebAuthn, and emerging standards
• Deep expertise in PKI architecture, certificate lifecycle management, and applied cryptography
• Extensive experience with enterprise IdP platforms and multi-IdP federation architectures
• Strong experience with HashiCorp Vault or similar enterprise secrets management platforms
• Proven expertise with AWS IAM at scale, including cross-account architectures and permission boundaries
• Track record of leading identity transformation initiatives in complex environments

Preferred Qualifications:

• Experience building identity platforms serving 500+ engineers or 100+ services
• Contributions to identity standards or major open source IAM projects
• Experience with SPIFFE/SPIRE and cloud-native workload identity
• Published research, conference talks, or thought leadership in identity and access management
• Experience with hardware security modules and key management systems
• Background in zero-trust architecture implementation at enterprise scale

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $192,500 - $275,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.