Many companies are interested in hiring people with cryptography and CTF skills. On this page you can browse job postings for companies who appreciate and sponsor CryptoHack.

If you would like to advertise on this page, please contact us using a method listed in the FAQ.

Principal Product Security Engineer, Product Security (New York NY, Portland OR, Chicago IL, San Francisco CA)

Gemini Trust Company, LLC (Gemini) is a licensed digital asset exchange and custodian. We built the Gemini platform so customers can buy, sell, and store digital assets (e.g., Bitcoin, Ethereum, and Zcash) in a regulated, secure, and compliant manner.

Digital assets and blockchain technology have the power to transform the world for good. This truth, along with our core values, forms the bedrock of our company and culture. At Gemini, no job is too small and no project too big as we endeavor to build the future of money. We are a mission-driven, team-based, inclusive, and determined community of thought leaders who invest in each other and the long game. Join us in our mission!

The Department: Security

In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini’s very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the crypto space. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported.

As a security engineer you will be a member of the Product Security team and will share in the responsibility of protecting the company and our customers against application security threats. The team is focused on modernizing appsec practices in 2021, including designing and deploying automated tools and services to all layers of the development and deployment pipeline as well as the design and construction of a paved road for engineering.

Principal Product Security Engineer, AppSec

As a member of the Product Security team, you will share in the responsibility of protecting the company and our customers against application security threats. The ProdSec team is focused on the advancement of modern application security and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities.

As a Principal Security Engineer, you will lead the design and implementation of resilient and secure applications in support of the team’s goals. This will take the form of internal security-focused tools, applications, and systems, with a focus on infrastructure and cloud security.


  • Design and deliver solutions that solve real-world security problems
  • Develop tools that make it easier to ship secure code and harder to ship insecure code.
  • Collaborate with engineering teams to educate them on threats and vulnerabilities applicable to Gemini’s platform.
  • Perform security assessments of Gemini’s platform, which includes our web application, mobile application, and infrastructure, hardware, and protocols associated with supporting a growing list of cryptocurrencies.
  • Develop and share research in the area of product security, vulnerability management, and blockchain / cryptocurrency.

Minimum Qualifications:

  • At least 8 years of experience in application security
  • Expertise with common security testing methodologies
  • Experience with automated or otherwise highly scalable application security solutions
  • Experience with building and customizing tools
  • Ability to accurately weigh security risks against business operations and goals
  • Strong communication skills and ability to work in a team

Preferred Qualifications:

  • Experience with Scala, Python, or C++
  • Experience in cloud native environments
  • Experience securing mobile applications and infrastructure
  • Published or presented security research

It Pays to Work Here

We take a holistic approach to compensation at Gemini, which includes:
  • Competitive base salaries across all departments
  • Ownership in the company via profit sharing units
  • Amazing benefits, 401k match contribution, and flexible hours
  • Snacks, Perks, Wellness Outings & Events

Include Security
Senior Security Assessment Research Consultant (Remote full-time)

Right now we're looking for full-time application hacking experts, and we do mean experts. Experience in finding awesome vulns during web app pentests/code reviews is a must, but we also end up doing a fair number of mobile apps, client apps, server apps, APIs, and embedded devices/IoT as well. If your well-researched advisories or bug bounties show up around the web that's a really good sign. That being said, public advisories/bounties are not a requirement, we know there are plenty of good folks in the world who prefer not to publish any of their findings and we'd love to talk to all of you folks as well. We also do a bit of Reversing every now and then, so that experience helps for the occasion it arises.

We work on hundreds of projects a year, here's a current snapshot of what we've got going:

  • We're hacking Java/Scala/C/C++/JS/Python mostly this month
  • Next month an app with microservices written in 10 different programming languages, a Windows userland sandbox, lots of mobile apps, and web services written in PHP/Java/Ruby.
  • Rest of the year -- anything you can think of! It's never the same thing twice here.

Who you might be:

  • You are an experienced application hacker. Web hacking is second nature, but perhaps so are other types of hacks (Reversing, Mobile, Client/Server, Crypto, Kernels, etc.)
  • You've already done consulting, enterprise assessment work, or are always at the top of the bug bounties/CTFs for a number of years (sorry we don't hire Junior consultants, it is our company policy.)
  • You're looking for a no BS environment where the process is optimized for getting out of your way and letting you find vulns. And you're happy to share and collaborate with the rest of the team.
  • You love the flexibility of a remote work environment. Our team is based in NYC, but we have consultants across seven countries in North America, EU, and South America.
  • You want to work with a low overhead team with no micro management, but also get to work with some heavy hitting big name clients (hundreds of clients served at this point). You want to work on assessments of the best and brightest tech companies of Silicon Valley, SF, and the world. Cutting edge technologies and massive scale systems, these are the types of engagements you dig and look for.
  • You know work is important but plenty of time off and paid research time matters too. Depending on your past research experience you might end up doing four to eight weeks of non-billable research yearly. All consultants get four weeks paid time-off every year, national holidays, and the last week of every calendar year off.

Who we are:

We're an all expert boutique consulting company who have served hundreds of clients since our founding in 2010. We do this with a relaxed remote working environment where we can expertly hack on big name clients such as large websites, software companies, hardware companies, as well as tons of start-ups you've heard of. We do our best to put a different spin on the InfoSec/AppSec consulting game as we put our consultants and clients first and foremost! That means work on your own schedule, work from almost anywhere (we've had people finish RCE findings while camping in the French Alps), and we only work with self-directed and responsible senior consultants who consistently show professional results (pay is based on that kind of experience.)

You're right up our alley if you're currently doing security app assessments at another consulting shop and want a better work/life balance, with less client interaction (management handles that), skip all the BS parts of reporting, no sales/marketing/PMs that don't know what they're doing and cause you grief, no multiple layers of management, no bureaucracy, no "I just broke the Internet and I'm better than you" egos/attitudes, and more time to hack on stuff during engagements or do whatever you want to do in your down time (yes paid research time is included for our full-time team.)

If any of this sounds interesting please hit us up with a resume||CV and links to any of your work that might be public or a description of any private research you feel like sharing.

Pay/Benefits: We pay in the ballpark of the larger consulting shops and we offer 100% coverage from top tier health/dental plans. We have lots of other perks for full-time employees like paid conferences, etc.

Telecommuting: Yes, almost exclusively. Travel is an option if you want it, but it's currently ~1% of our total work.

Contracting/Full-time: Our preference is Full-time, if you're awesome and don't want to be an FTE email us anyways.

Location: We're looking for folks in -8 GMT through +1 GMT timezones.

Clearance: Nope, we don't work in that field. Look elsewhere for WannaCyberInASCIF? work.

Company Future: 1) Do fun hacks with awesome clients 2) Have fun doing it 3) Can we do something awesome research/products/service wise? if not...4) Reinvest profits to GOTO #1.
