AppSec Jobs

Gemini

Senior Application Security Engineer

Onsite
New York, NY
Posted 2 weeks ago
Apply on LinkedIn →

At a Glance

Python, Pen Testing, Threat Modeling, Code Review

About This Role

Delivering Safety and Reliability to All Aspects of Our Business. As a nascent industry that is sometimes viewed with apprehension, it is crucial that Gemini provides a trusted choice for everyone to easily and safely engage with crypto. The Security Team is integrated into all that Gemini does. The team is as diverse as the challenges they tackle -- from breaking and building new product features to defending infrastructure and applications from sophisticated targeted attacks, the Security Team ensures the safety of customers and employees.

Responsibilities

  • Perform deep-dive security reviews to ensure all Gemini products and services follow secure design principles
  • Conduct threat modeling and code reviews
  • Perform penetration testing
  • Build AppSec tooling including AI agents
  • Participate in secure design reviews
  • Defend applications from sophisticated targeted attacks

Requirements

  • Secure design principles knowledge
  • Threat modeling expertise
  • Code review proficiency
  • Penetration testing experience
  • Python/scripting capabilities
  • AppSec tooling development experience
  • AI/GenAI familiarity

About Gemini

Gemini is a U.S.-based cryptocurrency exchange and custodian bank founded in 2014 by Cameron and Tyler Winklevoss. The company provides a secure platform for trading, buying, staking, and managing over 70 cryptocurrencies, including Bitcoin and Solana. Headquartered in the U.S., Gemini focuses on regulated services that connect traditional finance with digital assets. Gemini offers a range of products and services, including a high-performance trading platform for buying and selling cryptocurrencies, secure staking options, and the Gemini Dollar (GUSD), a regulated stablecoin pegged to the U.S. dollar. The company also provides custody solutions for secure storage of digital assets, Gemini Clearing for off-order-book trade settlements, and a compliant wallet infrastructure supporting all listed assets. Gemini emphasizes security, compliance, and user experience to make cryptocurrency trading accessible to all.

Industry

financial services

Employees

700

268 engineers

Revenue

$153M


Security at Gemini

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Gemini's AppSec philosophy is centered on trust, stating "Trust is our product." They publicly commit to third-party assessments like SOC1/SOC2, ISO27001, and annual penetration testing.
  • Their approach to working with developers emphasizes enablement, building "paved roads" and "secure-by-default frameworks," and providing "hands-on application security training." The risk philosophy includes threat modeling, architecture reviews, and secure SDLC guardrails.

Security Team

The Gemini Security Team is integrated into all company operations. Key public-facing leaders include David Damato, Chief Security Officer, who brings over 20 years of security leadership. The careers page lists "Security (10)" as a category, indicating active hiring. Multiple AppSec job postings (Senior, Staff, Staff Blockchain Security Engineer) are active. The exact organizational chart, explicit reporting lines, and total team size beyond open roles are not publicly available.

Key Initiatives

  • Gemini has a vulnerability management process with explicit SLAs for bug bounty submissions: acknowledgment within 3 business days, triage within 15 business days, and reward payout within 30 business days.
  • They encourage contributions from security researchers.
  • Their Secure SDLC includes architecture reviews, threat modeling, code reviews, and penetration testing, with a focus on evolving guardrails.
  • They also aim to research, build, and drive adoption of high-signal application security automation and perform deep-dive security reviews.
