Senior IAM Security Engineer

Gemini•San Francisco, CA

2h•$140,000 - $200,000•Hybrid

About The Position

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Platform Security The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Senior IAM Security Engineer The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Senior IAM Security Engineer, you will contribute to building IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands-on engineering role where you'll write production code daily, not just configuration. You'll participate in the development and operation of IAM solutions from design through production. This role requires solid software development skills, strong understanding of authentication protocols, and hands-on experience with PKI and secrets management. You'll collaborate with engineering teams to implement secure access patterns while maintaining usability. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Requirements

Solid software development skills in Python or Go with experience building production services
Strong understanding of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn
Hands-on experience with PKI systems, certificate management, and practical knowledge of cryptography
Experience with HashiCorp Vault or similar secrets management platforms
Working knowledge of AWS IAM, STS, and cloud identity services
Proficiency in Terraform for infrastructure-as-code
Experience supporting high-availability authentication services

Nice To Haves

Experience with Okta, Auth0, or similar enterprise IdP platforms
Familiarity with SPIFFE/SPIRE and workload identity systems
Understanding of zero-trust architecture and BeyondCorp principles
Experience with hardware security modules (HSM) and key management systems
Interest in contributing to identity or cryptography open source projects

Responsibilities

Develop and maintain IAM services and authentication systems using Python or Go
Implement workforce identity solutions with Okta and multi-IdP architectures
Build and support PKI infrastructure and certificate lifecycle management for service authentication
Contribute to secrets management platforms with automated rotation and zero-knowledge patterns
Implement authorization services, access control systems, and policy engines
Collaborate with engineering teams on identity implementation and secure authentication patterns
Participate in on-call rotation for platform security incidents