Staff Blockchain Security Engineer

Gemini•San Francisco, NY

18d•Hybrid

About The Position

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security The Role: Staff Blockchain Security Engineer As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities. As a Staff Blockchain Security Engineer on the Application Security team focusing on blockchain security, you will work closely with on-chain engineering and product teams to provide security recommendations and identify security issues throughout the on-chain software development lifecycle. You will lead security reviews of Web3 products, integrate secure development practices into our on-chain SDLC, and develop tooling to identify, mitigate, and monitor blockchain-specific threats. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Requirements

8+ years of experience in application security, Web3 security, or similar roles
Strong background in Web3 security reviews such as smart contract audits, blockchain protocols, and dApps
Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
Experience with secure key management and wallet systems
Familiarity with blockchain security tools (slither, echidna, etc)
Some background in development or scripting experience (Python, Scala, C++, JavaScript, etc.)
Familiarity with and ability to understand business objectives, business context, and security risk
Strong communication skills and the ability to collaborate on a cross-functional team

Nice To Haves

Experience with formal verification of smart contracts
Prior experience in cryptocurrency exchanges, DeFi platforms, or NFT marketplaces
Active contributor to blockchain security communities, bug bounty programs, or published exploit research
Ability to define and execute a long-term blockchain security roadmap in partnership with engineering leadership

Responsibilities

Lead in-depth security reviews of smart contracts, blockchain protocols, and Web3 applications for architectural flaws, security vulnerabilities, and best practice violations
Collaborate and advise on-chain engineering teams on Web3 security best practices and vulnerability remediation
Design and implement secure on-chain SDLC processes for on-chain product teams
Develop, maintain, and improve security tooling for blockchain ecosystems (fuzzers, static analysis, etc.)
Partner with legal, compliance, and risk teams to address security, regulatory, and operational risks of blockchain features