Job Description

Summary

The Department: Platform Security

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Senior IAM Security Engineer

The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Senior IAM Security Engineer, you will contribute to building IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands-on engineering role where you'll write production code daily, not just configuration.

You'll participate in the development and operation of IAM solutions from design through production. This role requires solid software development skills, a strong understanding of authentication protocols, and hands-on experience with PKI and secrets management. You'll collaborate with engineering teams to implement secure access patterns while maintaining usability.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

  1. Develop and maintain IAM services and authentication systems using Python or Go
  2. Implement workforce identity solutions with Okta and multi-IdP architectures
  3. Build and support PKI infrastructure and certificate lifecycle management for service authentication
  4. Contribute to secrets management platforms with automated rotation and zero-knowledge patterns
  5. Implement authorization services, access control systems, and policy engines
  6. Collaborate with engineering teams on identity implementation and secure authentication patterns
  7. Participate in on-call rotation for platform security incidents

Minimum Qualifications:

  1. Solid software development skills in Python or Go with experience building production services
  2. Strong understanding of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn
  3. Hands-on experience with PKI systems, certificate management, and practical knowledge of cryptography
  4. Experience with HashiCorp Vault or similar secrets management platforms
  5. Working knowledge of AWS IAM, STS, and cloud identity services
  6. Proficiency in Terraform for infrastructure-as-code
  7. Experience supporting high-availability authentication services

Preferred Qualifications:

  1. Experience with Okta, Auth0, or similar enterprise IdP platforms
  2. Familiarity with SPIFFE/SPIRE and workload identity systems
  3. Understanding of zero-trust architecture and BeyondCorp principles
  4. Experience with hardware security modules (HSM) and key management systems
  5. Interest in contributing to identity or cryptography open source projects

It Pays to Work Here

The compensation & benefits package for this role includes:

  1. Competitive starting salary
  2. A discretionary annual bonus
  3. Long-term incentive in the form of a new hire equity grant
  4. Comprehensive health plans
  5. 401K with company matching
  6. Paid Parental Leave
  7. Flexible time off

Salary Range

The base salary range for this role is between $140,000 and $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

Skills
  • AWS
  • Communications Skills
  • Cryptography
  • Development
  • Python
  • Software Engineering
  • Team Collaboration