Gemini
Senior Application Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Gemini
Gemini is a U.S.-based cryptocurrency exchange and custodian bank founded in 2014 by Cameron and Tyler Winklevoss. The company provides a secure platform for trading, buying, staking, and managing over 70 cryptocurrencies, including Bitcoin and Solana. Headquartered in the U.S., Gemini focuses on regulated services that connect traditional finance with digital assets. Gemini offers a range of products and services, including a high-performance trading platform for buying and selling cryptocurrencies, secure staking options, and the Gemini Dollar (GUSD), a regulated stablecoin pegged to the U.S. dollar. The company also provides custody solutions for secure storage of digital assets, Gemini Clearing for off-order-book trade settlements, and a compliant wallet infrastructure supporting all listed assets. Gemini emphasizes security, compliance, and user experience to make cryptocurrency trading accessible to all.
Security at Gemini
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Gemini's AppSec philosophy is centered on trust, stating "Trust is our product." They publicly commit to third-party assessments like SOC1/SOC2, ISO27001, and annual penetration testing.
- Their approach to working with developers emphasizes enablement, building "paved roads" and "secure-by-default frameworks," and providing "hands-on application security training." The risk philosophy includes threat modeling, architecture reviews, and secure SDLC guardrails.
Security Team
The Gemini Security Team is integrated into all company operations. Key public-facing leaders include David Damato, Chief Security Officer, who brings over 20 years of security leadership. The careers page lists "Security (10)" as a category, indicating active hiring. Multiple AppSec job postings (Senior, Staff, Staff Blockchain Security Engineer) are active. The exact organizational chart, explicit reporting lines, and total team size beyond open roles are not publicly available.
Key Initiatives
- Gemini has a vulnerability management process with explicit SLAs for bug bounty submissions: acknowledgment within 3 business days, triage within 15 business days, and reward payout within 30 business days.
- They encourage contributions from security researchers.
- Their Secure SDLC includes architecture reviews, threat modeling, code reviews, and penetration testing, with a focus on evolving guardrails.
- They also aim to research, build, and drive adoption of high-signal application security automation and perform deep-dive security reviews.