ARCHIVED
This job listing has been archived and is no longer accepting applications.
MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Senior Associate, Security GRC (Cyber)

Gemini

New York, New York; San Francisco, California (Gemini North America) Remote permanent

Posted: November 12, 2025

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Required Skills

AWS Azure Kubernetes CIS Benchmarks REST GraphQL webhooks OAuth service accounts ISO 27001 SOC 2 PCI DSS

Job Description

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

The Department: SEC Governance, Risk & Compliance

The Role: Senior Associate, Security GRC (Cyber)

Gemini is seeking a hands-on Senior Associate, Security GRC to join our cybersecurity team. This is a technical GRC role. You will blend security engineering with governance and risk to mature Gemini’s security controls. You will build automation, integrate systems through APIs, perform technical reviews, and drive remediation with engineering teams. You will also support regulatory obligations and customer diligence with automated, repeatable evidence.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

• Perform technical security reviews and assessments for cloud architectures, Kubernetes and containers, serverless, network controls, and IAM. Apply CIS Benchmarks and vendor best practices. Produce clear remediation plans and track closure.

• Build and support API-based integrations across GRC, cloud, and identity platforms (AWS, Azure, Okta, Atlassian). Use REST, GraphQL, webhooks, OAuth, and service accounts.

• Lead threat modeling and design reviews for infrastructure, applications, and services. Document risks and compensating controls.

• Develop continuous control monitoring and evidence pipelines. Collect, normalize, and map evidence to ISO 27001, SOC 2, PCI DSS, NIST CSF, and ISO 22301 requirements.

• Drive zero trust improvements across identity, device posture, network segmentation, and service-to-service authentication.

• Prepare for audits and regulatory requests using automated evidence, inventories, and dashboards. Reduce manual work through automation and self-service.

• Own and drive workstreams across security governance (e.g., entitlement reviews, access management, vendor security, cyber risk, software compliance).

• Assess and lead cybersecurity projects across cloud security, container security, and infrastructure hardening.

• Drive cybersecurity transformation initiatives including implementation of modern security architectures, DevSecOps practices, and zero trust frameworks.

• Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines, container orchestration platforms (e.g., Kubernetes), and cloud-native services.

• Advise technical and business teams on secure configurations, emerging threats, and remediation strategies.

Minimum Qualifications:

• Bachelor’s degree in computer science, information security, engineering, or related field, or equivalent experience.

• 5+ years in cybersecurity with hands-on security engineering in cloud, automation, or platform security.

• Proficiency in basic coding. Python or JavaScript and shell scripting. Ability to write API clients, parse JSON, and orchestrate workflows in n8n or similar tools (Tines, StackStorm, Airflow, Zapier).

• Experience building and operating REST or GraphQL integrations. Familiarity with OAuth, service principals, and webhooks.

• Working knowledge of AWS, GCP, and Azure. Comfortable with IAM, networking, KMS, logging and monitoring, and cloud-native security services.

• Experience with containers and Kubernetes. Familiar with Helm, admission controllers, and runtime security.

• Experience with infrastructure as code. Terraform or CloudFormation. Ability to review plans and implement guardrails.

• Applied knowledge of CIS Benchmarks for AWS, GCP, Linux, and Kubernetes. Ability to run benchmark tooling and harden systems against findings.

• Strong understanding of enterprise security practices, including DevSecOps, zero trust, and security automation.

• At least one core security certification, such as CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, or OSCP.

• Strong writing, communication, and presentation skills across technical and business audiences. Strong stakeholder management. Highly organized.

Preferred Qualifications:

• Big 4 or consulting experience supporting cybersecurity programs.

• Experience leading or supporting enterprise security modernization and cloud guardrails.

• Experience with policy-as-code and platform guardrails (OPA or Rego, AWS Config, Azure Policy, Google Organization Policy).

• Experience with CI systems and embedding security checks (GitHub Actions, GitLab CI, CircleCI, Jenkins).

• Experience with evidence automation and GRC tooling (AuditBoard, Vanta, Drata, Secureframe, or in-house).

• Experience with CSPM and CWPP platforms and SIEM or EDR (Wiz, Prisma Cloud, Aqua, Falco, Splunk, Elastic, Chronicle, Datadog, Panther).

• Ability to build dashboards and basic analytics for control monitoring. SQL or notebook-based analysis is a plus.

It Pays to Work Here

The compensation & benefits package for this role includes:

• Competitive starting salary

• A discretionary annual bonus

• Long-term incentive in the form of a new hire equity grant

• Comprehensive health plans

• 401K with company matching

• Paid Parental Leave

• Flexible time off

Salary Range: The base salary range for this role is between $112,000 - $160,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-MW1

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply