About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure.

The Department: Platform Security

The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Principal Platform Security Engineer (IAM)

The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Principal IAM Security Engineer, you will architect enterprise identity platforms that define how Gemini manages authentication and authorization across all systems. You will set technical standards for IAM, design foundational identity services used organization-wide, and lead strategic initiatives that transform our security posture. This is a hands-on technical leadership role where you'll write production code daily while driving multi-quarter identity initiatives.

You'll own the technical vision for identity architecture, influence authentication practices across the organization, and build platforms that make zero-trust access patterns the default. This role requires exceptional software development skills, mastery of authentication protocols and applied cryptography, and a proven ability to build IAM platforms that scale across hundreds of services and thousands of users.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

  • Build enterprise IAM platforms that scale across the organization
  • Set technical standards for authentication, authorization, and identity management
  • Design foundational PKI infrastructure and secrets management platforms
  • Lead strategic initiatives spanning workforce identity, workload authentication, and zero-trust access
  • Drive adoption of modern authentication patterns and deprecation of legacy methods
  • Mentor engineers across teams on identity architecture and cryptographic best practices
  • Participate in on-call rotation for platform security incidents

Minimum Qualifications:

  • Exceptional software development skills in Python or Go with a proven track record of building IAM platforms
  • Mastery of identity protocols including OAuth2, SAML, OpenID Connect, WebAuthn, and emerging standards
  • Deep expertise in PKI architecture, certificate lifecycle management, and applied cryptography
  • Extensive experience with enterprise IdP platforms and multi-IdP federation architectures
  • Strong experience with HashiCorp Vault or similar enterprise secrets management platforms
  • Proven expertise with AWS IAM at scale, including cross-account architectures and permission boundaries
  • Track record of leading identity transformation initiatives in complex environments

Preferred Qualifications:

  • Experience building identity platforms serving 500+ engineers or 100+ services
  • Contributions to identity standards or major open source IAM projects
  • Experience with SPIFFE/SPIRE and cloud-native workload identity
  • Published research, conference talks, or thought leadership in identity and access management
  • Experience with hardware security modules and key management systems
  • Background in zero-trust architecture implementation at enterprise scale

It Pays to Work Here

The compensation & benefits package for this role includes:

  • Competitive starting salary
  • A discretionary annual bonus
  • Long-term incentive in the form of a new hire equity grant
  • Comprehensive health plans
  • 401K with company matching
  • Paid Parental Leave
  • Flexible time off

Salary Range: The base salary range for this role is between $192,500 and $275,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, employees within the New York, Seattle, San Francisco, and Miami metropolitan areas are expected to work from the designated office on a hybrid cadence, unless there is a job-specific requirement to be in the office every work day. We believe our hybrid approach for those near our NYC, Seattle, San Francisco, and Miami offices increases productivity through more in-person collaboration where possible. Employees outside of these areas are considered part of our remote-first workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
