Senior Application Security Engineer

5+ years of experience in application security or similar roles
Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
Some background in development or scripting experience (Python, Scala, C++, or JavaScript)
Familiarity with and ability to understand business objectives, business context, and security risk
Strong communication skills and the ability to collaborate on a cross-functional team

Support the Gemini Secure Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
Collaborate and advise engineering teams on application security best practices and vulnerability remediation
Perform deep-dive security reviews to ensure all Gemini products and services follow secure design principles across our product portfolio (web, mobile, and APIs)
Develop tools and research to scale the Product Security team
Create and deliver hands-on software security training to engineering teams to increase security awareness
Participate in the Application Security on-call rotation to support engineering teams during incidents
Manual source code review
Penetration testing
Design and implementation review
Threat modeling
Design and implementation consultation
Continuous assurance activities
Risk identification and categorization / management
Engineering education and engagement

Experience with microservice architectures
Experience with cloud-native environments
Experience with preventing application security vulnerabilities through secure design patterns, automated tooling, or frameworks