Gemini · 1 hour ago
Senior Associate, Security GRC (Cyber)
Gemini is a global crypto and Web3 platform offering secure crypto products and services. The Senior Associate, Security GRC will blend security engineering with governance and risk to mature security controls, support regulatory obligations, and drive automation and remediation efforts.
Cryptocurrency, Finance, Financial Services, FinTech, Web3
Responsibilities
Perform technical security reviews and assessments for cloud architectures, Kubernetes and containers, serverless, network controls, and IAM. Apply CIS Benchmarks and vendor best practices. Produce clear remediation plans and track closure
Build and support API-based integrations across GRC, cloud, and identity platforms (AWS, Azure, Okta, Atlassian). Use REST, GraphQL, webhooks, OAuth, and service accounts
Lead threat modeling and design reviews for infrastructure, applications, and services. Document risks and compensating controls
Develop continuous control monitoring and evidence pipelines. Collect, normalize, and map evidence to ISO 27001, SOC 2, PCI DSS, NIST CSF, and ISO 22301 requirements
Drive zero trust improvements across identity, device posture, network segmentation, and service-to-service authentication
Prepare for audits and regulatory requests using automated evidence, inventories, and dashboards. Reduce manual work through automation and self-service
Own and drive workstreams across security governance (e.g., entitlement reviews, access management, vendor security, cyber risk, software compliance)
Assess and lead cybersecurity projects across cloud security, container security, and infrastructure hardening
Drive cybersecurity transformation initiatives including implementation of modern security architectures, DevSecOps practices, and zero trust frameworks
Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines, container orchestration platforms (e.g., Kubernetes), and cloud-native services
Advise technical and business teams on secure configurations, emerging threats, and remediation strategies
Qualification
Required
Bachelor's degree in computer science, information security, engineering, or related field, or equivalent experience
5+ years in cybersecurity with hands-on security engineering in cloud, automation, or platform security
Proficiency in basic coding. Python or JavaScript and shell scripting. Ability to write API clients, parse JSON, and orchestrate workflows in n8n or similar tools (Tines, StackStorm, Airflow, Zapier)
Experience building and operating REST or GraphQL integrations. Familiarity with OAuth, service principals, and webhooks
Working knowledge of AWS, GCP, and Azure. Comfortable with IAM, networking, KMS, logging and monitoring, and cloud-native security services
Experience with containers and Kubernetes. Familiar with Helm, admission controllers, and runtime security
Experience with infrastructure as code. Terraform or CloudFormation. Ability to review plans and implement guardrails
Applied knowledge of CIS Benchmarks for AWS, GCP, Linux, and Kubernetes. Ability to run benchmark tooling and harden systems against findings
Strong understanding of enterprise security practices, including DevSecOps, zero trust, and security automation
At least one core security certification, such as CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, or OSCP
Strong writing, communication, and presentation skills across technical and business audiences. Strong stakeholder management. Highly organized
Preferred
Big 4 or consulting experience supporting cybersecurity programs
Experience leading or supporting enterprise security modernization and cloud guardrails
Experience with policy-as-code and platform guardrails (OPA or Rego, AWS Config, Azure Policy, Google Organization Policy)
Experience with CI systems and embedding security checks (GitHub Actions, GitLab CI, CircleCI, Jenkins)
Experience with evidence automation and GRC tooling (AuditBoard, Vanta, Drata, Secureframe, or in-house)
Experience with CSPM and CWPP platforms and SIEM or EDR (Wiz, Prisma Cloud, Aqua, Falco, Splunk, Elastic, Chronicle, Datadog, Panther)
Ability to build dashboards and basic analytics for control monitoring. SQL or notebook-based analysis is a plus
Benefits
Competitive starting salary
A discretionary annual bonus
Long-term incentive in the form of a new hire equity grant
Comprehensive health plans
401K with company matching
Paid Parental Leave
Flexible time off
Company
Gemini
Gemini is a licensed digital asset exchange and custodian built for both individuals and institutions.
H1B Sponsorship
Gemini has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (2)
2024 (1)
Funding
Current Stage: Public Company
Total Funding: $499.9M
Key Investors: Ripple, Draper Dragon, Morgan Creek Digital
2025-09-12: IPO
2025-07-10: Debt Financing · $75M
2022-06-20: Secondary Market · $1M
Company data provided by Crunchbase