Role in brief
Gemini seeks a Staff Platform Security Engineer to develop and maintain security services, tools, and automation for cloud environments. This role involves securing AWS and Kubernetes infrastructure using infrastructure-as-code principles. Candidates with strong Python or Go development skills and extensive experience in cloud security, particularly with Terraform and Kubernetes, will find this role a good fit.
About the role
This role focuses on building and maintaining security services and tools, primarily using Python or Go, to ensure secure cloud environments. The engineer will design and implement security controls for AWS and Kubernetes, leveraging infrastructure-as-code. A key aspect of the work involves creating reusable libraries and platforms that promote secure-by-default patterns across the organization.
The position also includes developing automated security monitoring, scanning, and remediation services, as well as building CI/CD security gates and policy-as-code validation tools. Collaboration with engineering teams on architectural decisions and providing security consultations are integral to this role. The engineer will also participate in an on-call rotation for critical security incidents.
Success in this role means contributing to a robust and secure platform by proactively embedding security into development processes. The ideal candidate will have a background in distributed systems, cloud-native architectures, and SRE principles, demonstrating the ability to deploy and maintain security tools in production environments.
The base salary range for this role is between $168,000 and $240,000 in New York, California, and Washington, not including bonuses or equity.
Skills that matter here
- Python: Used for building and maintaining security services, tools, and automation.
- Go: Used for building and maintaining security services, tools, and automation.
- AWS: Required for designing and implementing security controls within cloud environments, including IAM, VPC, and KMS.
- Kubernetes: Expertise needed for securing container orchestration environments, including admission controls and RBAC.
- Terraform: Essential for infrastructure-as-code, including module development, CI/CD gates, and policy testing.
Who this role suits
- A person with a strong background in software development who enjoys building security tools and automation.
- Someone who thrives on securing complex cloud environments and has deep expertise in AWS and Kubernetes.
- An individual who can partner with other engineering teams to integrate security early in the development lifecycle.
- A candidate who is comfortable with on-call rotations and responding to critical security incidents.
From the employer
Responsibilities
- Build and maintain security services, tools, and automation using Python or Go
- Design and implement security controls for AWS and Kubernetes environments using infrastructure-as-code
- Create reusable libraries, frameworks, and platforms that enable secure-by-default patterns
- Develop automated security monitoring, scanning, and remediation services
- Build CI/CD security gates and policy-as-code validation tools
- Partner with engineering teams on architecture decisions and provide security consultation
- Participate in on-call rotation for critical security incidents and infrastructure issues
Minimum Qualifications
- 8+ years of experience in the field
- Strong software development skills in Python or Go with experience building production services
- Strong experience securing AWS environments including IAM, VPC, KMS, and native security services
- Deep Terraform expertise including module development, CI/CD gates, policy testing, remote state management, and zero-downtime deployments
- Proven expertise with Kubernetes security including admission controls, RBAC, network policies, and runtime protection
- Experience with distributed systems, cloud-native architectures, and SRE principles
- Demonstrated ability to build, deploy, and maintain security tools and services in production
Preferred Qualifications
- Experience with GCP security services and multi-cloud environments including Azure
- Knowledge of policy-as-code tools such as Open Policy Agent, Sentinel, or similar
- Experience with container security scanning, image signing, and supply chain security
- Background in incident response for cloud and container environments
- Experience with service mesh technologies and zero-trust networking
- Contributions to open source security tools or cloud security communities
It Pays to Work Here
- Competitive starting pay
- A discretionary annual bonus
- Long-term incentive in the form of a new hire equity grant
- Comprehensive health plans
- 401K with company matching
- Paid Parental Leave
- Flexible time off
Salary Range
The base salary range for this role is between $168,000 and $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.
Questions about this role
What is the remote work policy for this position?
This position is fully remote.
What level of seniority is expected for this role?
This role is for a middle-seniority Staff Platform Security Engineer.
What are the primary technical skills required?
Key technical skills include Python or Go for development, strong experience with AWS and Kubernetes security, and deep expertise in Terraform.