Senior Application Security Engineer

Job Description

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security Gemini operates at the intersection of financial services and emerging technology where the consequences of security failure are measured in customer trust and regulatory standing. The Application Security (AppSec) team exists to make sure security is never an afterthought. We are on a mission to secure products at the time of thought and the time of build: at the product requirements doc, the technical architectural decision, at the line of code. We believe that security input is most valuable before the work is done and after-the-fact is too late and too expensive. The Role: Senior Application Security Engineer As a Senior Application Security Engineer on the Application Security team, you will be a trusted partner to engineering, product, and business teams across Gemini. You will help guide teams to design and build secure products while building systems and culture that embed security judgment into every team. Gemini is AI-first and AppSec builds the tools to make this vision secure. This role is required to be in person twice a week at our New York City, NY office. Responsibilities: Lead secure design reviews, threat modeling, code review, and penetration testing for high-risk products such as crypto custody, trading systems, and payments Build and ship code: design and build AppSec tooling including AI agents for secure design and code review, AI-enhanced SAST/DAST pipelines, and automation that eliminates repeatable security toil Partner with engineering teams to remediate vulnerabilities and drive long-term improvements in secure coding practices Minimum Qualifications: 5+ years of experience in application security or similar roles Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset Experience building or meaning

Required Skills