Staff Enterprise Security Engineer (Client Platform)

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

The Department: Platform Security

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Staff Enterprise Security Engineer (Client Platform)

The Platform Security team builds and delivers security foundations and paved paths for Gemini's corporate endpoints and workforce. As a Staff Corporate Security Engineer focused on client platforms, you will build security services, tools, and automation while hardening our macOS fleet, securing endpoint management platforms, and implementing configuration-as-code security guardrails. This is a hands-on engineering role where you'll write production code daily using Go, Swift, Objective-C, and Python—not just configuration management.

You'll design and build endpoint security platforms that scale across our organization. This role requires deep technical expertise in macOS security internals, strong software development skills to build production services, and systems engineering experience with MDM and configuration management. You will partner closely with IT, Engineering, and GRC teams to enable secure device management while maintaining least-privilege access and zero-standing-privilege models for endpoints.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

• Build and maintain security services, tools, and automation using Go, Swift, Objective-C, and Python
• Design and implement endpoint security controls for macOS environments using system extensions, network extensions, and native security frameworks
• Create reusable libraries, frameworks, and platforms that enable secure-by-default patterns for client devices
• Develop automated security monitoring, scanning, and remediation services for endpoint events
• Build CI/CD pipelines for security software deployment and configuration-as-code validation
• Implement and manage MDM platforms (Jamf, Fleet) and configuration management systems (Salt, Munki)
• Architect binary authorization, DNS filtering, and application control solutions at scale
• Partner with Engineering, IT, and GRC teams on architecture decisions and provide security consultation
• Participate in on-call rotation for critical security incidents and endpoint security issues

Minimum Qualifications:

• Strong software development skills in Go, Python, Swift, or Objective-C with experience building production services
• Deep expertise securing macOS environments including Endpoint Security framework, System Extensions, Network Extensions, and TCC
• Proven experience with MDM platforms such as Jamf Pro or Fleet, including policy management and deployment at scale
• Strong configuration management experience with Salt, Puppet, or similar tools
• Experience with software packaging and deployment systems like Munki or AutoPkg
• Knowledge of cloud infrastructure (AWS) and container orchestration (Kubernetes)
• Demonstrated ability to build, deploy, and maintain security tools and services in production
• Experience with infrastructure-as-code using Terraform or similar tools

Preferred Qualifications:

• Experience building binary authorization systems such as Santa, Upvote, or Windows Defender Application Control
• Development of macOS system extensions or network extensions using Swift or Objective-C
• Experience with DNS filtering or network security tool development
• Background in incident response for macOS endpoint compromises
• Experience with osquery, Fleet, or similar endpoint visibility platforms
• Knowledge of compliance frameworks (SOC 2, ISO 27001) as they relate to endpoint security
• Experience with container security scanning and supply chain security
• Contributions to security tooling projects or client platform management communities

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-ES1