The Department: Platform Security

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Staff Platform Security Engineer

The Platform Security team builds and delivers zero-trust foundations and paved paths so every Gemini team can ship safely on supported cloud platforms. As a Staff Security Engineer, you will build security services, tools, and automation while hardening our cloud environments (primarily AWS), securing container orchestration platforms, and implementing infrastructure-as-code security guardrails. This is a hands-on engineering role where you'll write production code daily, not just infrastructure-as-code.

You'll design and build security platforms that scale across our engineering organization. This role requires deep technical expertise in cloud security, strong Terraform proficiency, and strong software development skills to build production services. You will partner closely with engineering teams to enable rapid, secure delivery while maintaining zero standing privilege and least-privilege access models.

This role is required to be in person twice a week at our New York City, NY office.

Responsibilities:

• Build and maintain security services, tools, and automation using Python or Go
• Design and implement security controls for AWS and Kubernetes environments using infrastructure-as-code
• Create reusable libraries, frameworks, and platforms that enable secure-by-default patterns
• Develop automated security monitoring, scanning, and remediation services
• Build CI/CD security gates and policy-as-code validation tools
• Partner with engineering teams on architecture decisions and provide security consultation
• Participate in on-call rotation for critical security incidents and infrastructure issues

Minimum Qualifications:

• 8+ years of experience in the field
• Strong software development skills in Python or Go with experience building production services
• Strong experience securing AWS environments including IAM, VPC, KMS, and native security services
• Deep Terraform expertise including module development, CI/CD gates, policy testing, remote state management, and zero-downtime deployments
• Proven expertise with Kubernetes security including admission controls, RBAC, network policies, and runtime protection
• Experience with distributed systems, cloud-native architectures, and SRE principles
• Demonstrated ability to build, deploy, and maintain security tools and services in production

Preferred Qualifications:

• Experience with GCP security services and multi-cloud environments including Azure
• Knowledge of policy-as-code tools such as Open Policy Agent, Sentinel, or similar
• Experience with container security scanning, image signing, and supply chain security
• Background in incident response for cloud and container environments
• Experience with service mesh technologies and zero-trust networking
• Contributions to open source security tools or cloud security communities

It Pays to Work Here

The compensation & benefits package for this role includes:

• Competitive starting pay
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

#LI-AA1