Staff Hardware Security Engineer

Empower the Individual Through Crypto

Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement.

At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.

Select roles that are location-specific will still be eligible for flexible schedules.

The Department: Software Engineering

Gemini is regulated and licensed like a bank, but it’s run like a tech startup, and engineering is the core of the company.  There’s a wide range of tough problems to solve at Gemini – from properly securing hundreds of millions of dollars worth of customer funds, to developing innovative new blockchain products, to finding new techniques to combat fraud, to shaving microseconds off our API response times, and everything in between.

All of Gemini’s engineers are able to work across the software platform, not just on their own specialization or subteam. We value a thoughtful, collaborative software development process, coupled with a pragmatic approach to problem solving and delivering software.

The Role: Staff Hardware Security Engineer

The Asset Storage / Signing team at Gemini develops and manages security tools and platforms, assists users to design and assess the security internal systems, builds automation to simplify manual or complex processes and works directly with cryptographic hardware and trusted execution environments.

Security of customers’ digital assets and personal information held with Gemini is our first and foremost priority. The Asset Storage team develops and maintains a trusted execution environment for the purpose of storing Gemini customer’s digital assets. To do that, we are building a hardware signing environment, build and automation process to ensure the integrity of the system, and we research and apply trusted cryptography and other security methods and tools. In addition, this role will also work closely with our Security Operations, Product Security, Wallet Engineering, and Platform Engineering. 

Responsibilities:

• Design, deploy, and maintain security solutions supporting Asset Storage;
• Develop tools and automation that integrate security into systems and process;
• Research complex business topics around Trusted Execution Environments (TEE), secure build infrastructure, and applied cryptography.
• Improve the capabilities of the existing hardware security infrastructure with a mindset towards Infrastructure as a Code.
• Participate in disaster recovery (DR) scenarios to validate operability of physical and digital material
• Provide first line support through an on-call rotation to support business processes

Qualifications:

• Proficiency in a common scripting language including but not limited to Python, Ruby, etc and automation tools/configuration management tools like Ansible, Chef, Puppet etc.
• Strong understanding of systems/network security, secure protocol design, secure build and supply chain management, encryption, authentication, key management and applied cryptography.
• Able to troubleshoot and debug issues, and demonstrate a methodical approach to root cause analysis
• Knowledge of hardware security, verified/secure boot, tamper resistance, side-channel attacks, anti-cloning, and PUFs
• Experience working with cryptographic hardware (PKCS#11, FIPS 201-1 PIV, smartcards, TPMs) or trusted execution environments
• Strong written and verbal communication skills; attentive to details.

It Pays to Work Here

We take a holistic approach to compensation at Gemini, which includes:

• Competitive Compensation and Profit-Sharing Equity
• Flexible vacation policy
• Retirement Plan Matching
• Generous Parental leave
• Comprehensive health plans
• Training and professional development

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-DA1
#LI-REMOTE