Remote Senior Principal Security Engineer, Applied Cryptography and Authentication
at Gemini

Summary

Join Gemini's Platform Security team as a Senior Principal Security Engineer (Applied Cryptography and Authentication) to enhance the security of Gemini’s infrastructure through cryptographic expertise and the development of cutting edge authentication mechanisms.

Requirements

• 15+ years of experience in the field
• Extensive experience in designing, deploying, and managing PKI systems, including certificate authorities, registration authorities, and certificate lifecycle management
• Deep knowledge of identity and access management technologies, protocols, and standards including WebAuthn/FIDO2, OAuth2/OpenID Connect, passkeys, PKCS #11, SAML, SCIM, RADIUS, LDAP, and X.509
• Significant experience with container orchestration technologies and relevant security considerations. We often use Kubernetes and EKS
• Significant experience with distributed systems or cloud computing, and the relevant security best practices. We often use AWS
• Significant software development experience. We often use Python or Go
• Experience building and owning high-availability critical systems or cloud-based services
• Able to self-scope, define, and manage short and long term technical goals

Responsibilities

• Lead PKI Architecture and Engineering: Design, implement, and maintain a robust PKI infrastructure that supports the secure issuance, management, and revocation of digital certificates
• Harden secrets management: Enhance the security posture of our secrets management platforms by implementing best practices and advanced cryptographic controls
• Provide expertise in applied cryptography: Apply cryptographic principles to ensure the confidentiality, integrity, and authenticity of sensitive data at rest and in transit
• Eliminate insecure authentication practices: Drive the removal of shared/static credentials and transition to a scalable, user-friendly multi-factor authentication (MFA) solution
• Partner with engineering teams: Collaborate with engineering teams on security architecture and implementation decisions related to access management, cryptography, and related areas of infrastructure security
• Contribute to security risk reduction: Work with AppSec, Threat Detection, Incident Response, GRC, and other security teams to identify, assess, and mitigate security risks

Preferred Qualifications

• Experience designing and implementing cryptographic infrastructure at scale such as PKI, secrets management, authentication, or secure data storage/transmission
• Experience designing and implementing systems for identity and access management
• Experience with configuration management and infrastructure as code. We often use Terraform
• Experience with SPIFFE/SPIRE
• Significant experience with Hashicorp Vault

Benefits

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off