Cyber Security Engineer

Basic Function

Lumin Digital's Security Engineering team is a true engineering organization that protects a cloud-hosted digital banking platform serving financial institutions and their members. As a Cybersecurity Engineer, you will build software and infrastructure that heals itself, automatically enforces controls at scale, and converges on correct operation across hundreds of environments. Your scope includes the lifecycle of our cryptographic material and the architecture of our security telemetry. You will work in AI-assisted engineering tools every day: agentic coding assistants like Claude Code, MCP-based integrations, and custom agent harnesses. This role exists for engineers fluent in AI tools who have something to teach the rest of us about working with them. Success means our security infrastructure doesn't go bump in the night.
Essential Functions and Responsibilities:

• Engineer the security infrastructure the rest of the company depends on across AWS and Kubernetes: telemetry pipelines, cryptographic material lifecycle, compliance automation, and the architecture patterns that scale across hundreds of environments.
• Build and maintain agentic AI workflows using tools like Claude Code, MCP-based integrations, and custom agent harnesses to automate security engineering tasks. Examples include code review for vulnerability patterns, drift detection in security controls, and automated evidence collection.
• Engineer the lifecycle of cryptographic material as code, including key generation, secure storage, certificate issuance, rotation, and revocation. All steps version-controlled, automated, and recoverable without a human in the loop.
• Build security telemetry pipelines that detect, enrich, and route signals with the fidelity our auto-remediation systems require.
• Embed security controls into deployment pipelines so vulnerabilities are prevented or resolved at build time rather than discovered post-deployment, including policy-as-code rules and automated playbooks.
• Build compliance evidence collection and continuous control monitoring as engineered systems that produce auditor-ready outputs from continuous data flows.
• Develop and maintain threat models that inform security architecture decisions and prioritize where engineered controls earn their place. Promote learnings into reusable patterns the rest of engineering can adopt.
• Consult, review, and approve architectural decisions by other infrastructure and product teams for security compliance and outcomes, with attention to where secrets are stored and how trust boundaries are crossed.
• Provide engineering support to Security Operations during incident response: build the tooling, telemetry, and automation that aids detection, containment, and recovery, in coordination with the Sec Ops team that owns the response process.
• Partner with other Risk functions, technical teams, auditors, vendors, and clients to translate security requirements into engineered systems and validate posture across all environments.
• Evaluate emerging AI-assisted engineering patterns and tooling through proof-of-concept work, including agent harness designs, prompt patterns, and eval methodologies. Promote what proves itself into team standard practice.
• Operate our COTS security tooling when needed, usually through IaC and automation we've built ourselves, occasionally by clicking through a vendor console.
• Perform other duties as assigned.

Physical Demands:

• While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel; and talk or hear.
• Specific vision abilities required by this job include close vision.
• Ability to occasionally lift/move up to 25 pounds.
• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

Supervisory Responsibility:

• None.

Position Specifications
Education:

• Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or equivalent combination of demonstrated engineering experience, shipped projects, and certifications in security engineering, cryptography, or cloud-native automation.
• Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: AWS Security Specialty, HashiCorp Terraform Associate, HashiCorp Vault Associate, CKS (Certified Kubernetes Security Specialist), GPYC (GIAC Python Coder), GCSA (GIAC Cloud Security Automation), or (ISC)² CCSP.

Experience:

• 5+ years of hands-on experience in security engineering, software engineering, or a closely related technical discipline, with a strong emphasis on building engineered systems rather than operating manual processes.
• At least 1 year of production experience with at least 2 agentic coding tools, such as Claude Code, Gemini, Cursor, Codex, AMP, or OpenCode.
• Demonstrated experience building and shipping production code in Python or a similarly capable language, with infrastructure-as-code tools such as Terraform.
• Proven track record of working in cloud-native environments, with deep familiarity in AWS, Kubernetes, containerized workloads, and CI/CD pipeline integration.
• Experience with security telemetry platforms (OpenSearch or similar), PKI / certificate lifecycle management, or compliance automation preferred.

Knowledge, Skills, & Abilities:

• Fluency with AI-assisted development tools like Claude Code and similar agentic coding assistants, including the ability to design, prompt-engineer, and orchestrate agents for security engineering workflows. Production experience where AI was load-bearing in the build.
• Hands-on experience shipping at the agentic tool layer: MCP integrations, custom agent harnesses, or AI tool-use pipelines.
• Strong software engineering fundamentals: version control, code review, testing, CI/CD, and API design, with the ability to write production-quality, maintainable code rather than throwaway scripts.
• Hands-on proficiency with cloud-native engineering: AWS (KMS, IAM, Lambda, EKS, and supporting services), Kubernetes, and Terraform or equivalent IaC tools.
• Technical knowledge of cybersecurity concepts, threat modeling, and secure design principles sufficient to consult on, review, and approve security-critical architectural decisions.
• Working knowledge of PKI concepts and certificate lifecycle management, with the ability to engineer cryptographic lifecycles as code.
• Experience with security telemetry pipelines and log analytics platforms (OpenSearch or similar), including data normalization, enrichment, and the structural fidelity required for downstream automation.
• Working knowledge of cloud security and compliance frameworks (SOC 2, PCI DSS, CIS Benchmarks, AWS Well-Architected), with the ability to translate control requirements into automated, auditable systems.
• Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. A repeated manual process is a bug, not a task.
• Excellent written and verbal communication, including the ability to translate complex security architectures into clear documentation and to operate as a consultative security partner across technical and non-technical teams. Comfort with a fully remote, async-first culture where Slack and thorough documentation are how decisions get made.
• Nice to have: Contributions at the edge of what's possible with security and AI, including open-source projects, agent evaluation work, public writing, talks, or similar.

Travel:

• Minimal, generally 12 days or less per year, ~2X team get-togethers a year.

$140,000 - $160,000 a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base - and as a 100% cloud-native company, we're purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture is built on trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas. These values shape a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered every day. We encourage our team to explore, experiment, and challenge the status quo - because continuous improvement isn't just a goal, it's how we operate.

Benefits include: We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis. For more information, visit lumindigital.com.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.