Summary

The Department: Security (Platform Security)

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Role: Senior Platform Security Engineer

The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. As a Senior Platform Security Engineer, you will build and maintain security controls across diverse environments—from hardening cloud and container orchestration systems to enhancing our non-cloud infrastructure. This is a hands-on engineering role where you'll write production code daily, not just configuration.

You'll own security initiatives from design through production operations. This role requires strong software development skills, practical experience with AWS and Kubernetes security, and the ability to partner with engineering teams to enable secure delivery. You will also apply expertise in critical neighboring areas, including PKI, core cryptography, identity management, and network security, to ensure comprehensive protection across the stack.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

1. Build and maintain security controls for AWS and Kubernetes (EKS) environments, including guardrails, container security scanning, and infrastructure-as-code (Terraform) security
2. Support IAM initiatives by helping to design and maintain access controls, role-based access control (RBAC) models, and identity governance workflows
3. Design, deploy, and maintain internal security services and platforms that other engineering teams rely on
4. Act as a security partner to engineering teams, helping them make secure architecture decisions without blocking innovation
5. Work across functions—partnering with AppSec, Threat Detection, and GRC—to identify and reduce risk across the entire stack
6. Participate in on-call rotation for platform security incidents

Minimum Qualifications:

1. 5+ years of experience in Information Security, SRE, or Systems Engineering
2. Strong software development skills in Python or Go with experience building production services
3. Solid experience with AWS (or similar cloud providers), including familiarity with IAM roles, VPCs, and native security controls
4. Hands-on experience with Kubernetes/EKS and containerization concepts, including pod security policies and container lifecycle
5. Understanding of IAM principles, RBAC, and least-privilege access models
6. Proficiency in Terraform for infrastructure-as-code
7. Ability to self-scope and execute technical goals with minimal supervision

Preferred Qualifications:

1. Experience with identity providers (IdP) like Okta and standards like SAML/OIDC
2. Experience writing Policy-as-Code (e.g., Open Policy Agent/Rego)
3. Background in Linux systems engineering or network security
4. Experience building and operating high-availability critical systems

It Pays to Work Here

The compensation & benefits package for this role includes:

1. Competitive starting pay
2. A discretionary annual bonus
3. Long-term incentive in the form of a new hire equity grant
4. Comprehensive health plans
5. 401K with company matching
6. Paid Parental Leave
7. Flexible time off

Salary Range

The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

Skills

• AWS
• Communications Skills
• Development
• Software Engineering
• Team Collaboration