Staff Application Security Engineer jobs in United States

Nifty Gateway Studio · 1 month ago

Staff Application Security Engineer

Gemini is a global crypto and Web3 platform founded in 2014, offering a range of secure crypto products and services. The Staff Application Security Engineer will be responsible for protecting the company against application security threats, leading secure design reviews, and collaborating with various teams to ensure security throughout the software development lifecycle.

Media and Entertainment

Responsibilities

Own and evolve the Gemini Secure Software Development Lifecycle guardrails as an application security subject matter expert
Lead architecture reviews, threat modeling, code reviews, and penetration testing for high-risk applications and services
Research, build and drive adoption of high-signal application security automation and secure-by-default frameworks
Create and deliver hands-on application security training to enable engineers at scale
Participate in the Application Security on-call rotation and lead post-incident hardening

Qualification

Application security best practices
Threat modeling
Penetration testing
Secure code reviews
Scala/JVM proficiency
Python/Go proficiency
Custom security controls
Cross-functional communication
Open-source contributions
Collaboration skills

Required

Proven ability to perform design reviews, threat modeling, secure code reviews, and penetration testing with an attacker mindset
Strong background in application security best practices and familiarity with common vulnerabilities (e.g., SSRF, race conditions, privilege escalation)
Deep code review proficiency in Scala/JVM (preferred) or other languages, and at least one of Python/Go/etc. for building; able to review production services in other languages
Experience implementing custom detection and prevention application security controls to eliminate application security issues beyond OWASP Top 10
Familiarity with and ability to understand business objectives, business context, and security risk
Strong cross-functional communication and collaboration (Security, Engineering, and Product)
Typically 7-10+ years of experience or equivalent impact in application security, product security, or similar roles

Preferred

Experience implementing supply chain security controls (SCA, SLSA, signing, etc.)
Prior experience in cryptocurrency firms or highly regulated environments (PCI DSS, SOX, SOC2, ISO 27001)
Open-source impact such as conference talks, blogs/papers, tooling, or libraries

Benefits

Competitive starting salary
A discretionary annual bonus
Long-term incentive in the form of a new hire equity grant
Comprehensive health plans
401K with company matching
Paid Parental Leave
Flexible time off

Company

Nifty Gateway Studio

A digital production studio working with creators and brands to develop immersive social entertainment and creative experiences onchain.