The Department: Platform Security

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Senior Platform Security Engineer

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. As a Senior Platform Security Engineer, you will build and maintain security controls across diverse environments-from hardening cloud and container orchestration systems to enhancing our non-cloud infrastructure. This is a hands-on engineering role where you'll write production code daily, not just configuration.

You'll own security initiatives from design through production operations. This role requires strong software development skills, practical experience with AWS and Kubernetes security, and the ability to partner with engineering teams to enable secure delivery. You will also apply expertise in critical neighboring areas, including PKI, core cryptography, identity management, and network security, to ensure comprehensive protection across the stack.

This role is required to be in person twice a week at our New York City, NY office.

Responsibilities:

• Build and maintain security controls for AWS and Kubernetes (EKS) environments, including guardrails, container security scanning, and infrastructure-as-code (Terraform) security
• Support IAM initiatives by helping to design and maintain access controls, role-based access control (RBAC) models, and identity governance workflows
• Design, deploy, and maintain internal security services and platforms that other engineering teams rely on
• Act as a security partner to engineering teams, helping them make secure architecture decisions without blocking innovation
• Work across functions-partnering with AppSec, Threat Detection, and GRC-to identify and reduce risk across the entire stack
• Participate in on-call rotation for platform security incidents

Minimum Qualifications:

• 5+ years of experience in Information Security, SRE, or Systems Engineering
• Strong software development skills in Python or Go with experience building production services
• Solid experience with AWS (or similar cloud providers), including familiarity with IAM roles, VPCs, and native security controls
• Hands-on experience with Kubernetes/EKS and containerization concepts, including pod security policies and container lifecycle
• Understanding of IAM principles, RBAC, and least-privilege access models
• Proficiency in Terraform for infrastructure-as-code
• Ability to self-scope and execute technical goals with minimal supervision

Preferred Qualifications:

• Experience with identity providers (IdP) like Okta and standards like SAML/OIDC
• Experience writing Policy-as-Code (e.g., Open Policy Agent/Rego)
• Background in Linux systems engineering or network security
• Experience building and operating high-availability critical systems

It Pays to Work Here

The compensation & benefits package for this role includes:

• Competitive starting pay
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

#LI-AA1