Lumin Digital is building a Vulnerability Automation Engineering team that eliminates the traditional vulnerability management ticket queue entirely. As a Vulnerability Automation Engineer, you will design, build, and operate lights-off pipelines that continuously discover assets, assess posture, scan for vulnerabilities, harden configurations, and auto-remediate findings across cloud-native and infrastructure-as-code environments.
Responsibilities:
- Design and implement end-to-end vulnerability automation pipelines that continuously discover assets, assess configurations, identify vulnerabilities, and execute or orchestrate remediation, without manual ticketing or human-in-the-loop coordination
- Build and maintain agentic AI workflows using tools such as Claude Code and MCP-based integrations to automate security engineering tasks, including code review for vulnerability patterns, configuration drift detection, and patch deployment across cloud-native environments
- Engineer new and enhance existing automated asset discovery and inventory systems that maintain a real-time, authoritative view of all infrastructure, services, and endpoints across environments, including ephemeral and containerized workloads
- Develop and operationalize automated configuration hardening pipelines that enforce security baselines (CIS Benchmarks, internal standards) as code, with drift detection and auto-remediation capabilities
- Create and maintain infrastructure-as-code templates, policy-as-code rules, and automated playbooks that embed security controls directly into deployment pipelines, preventing or resolving vulnerabilities at build time rather than discovering them post-deployment
- Build self-service remediation tooling and agentic support systems that empower development and infrastructure teams to resolve security findings autonomously, reducing cross-team dependencies and accelerating mean time to remediation
- Integrate vulnerability data sources (scanners, SCA tools, cloud-native security services, threat intelligence feeds) into unified automation platforms, normalizing and enriching findings to drive intelligent prioritization and automated response
- Develop metrics, dashboards, and automated reporting that provide real-time visibility into vulnerability posture, remediation velocity, and automation coverage, enabling leadership to measure program effectiveness without manual evidence gathering
- Collaborate with product, engineering, operations, and other risk teams to embed vulnerability automation into CI/CD pipelines, infrastructure provisioning workflows, and operational runbooks
- Perform other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field; or equivalent combination of education and demonstrated engineering experience in vulnerability lifecycle management and security automation
- 5+ years of hands-on experience in security engineering, DevSecOps, vulnerability management, or infrastructure automation, with a strong emphasis on building automated systems rather than operating manual processes
- Demonstrated experience building and shipping automation pipelines in production environments using Python, Go, Bash, or similar languages, with infrastructure-as-code tools such as Terraform
- Proven track record of working in cloud-native environments with deep familiarity in containerized workloads, Kubernetes, serverless architectures, and CI/CD pipeline integration
- Experience with vulnerability scanning and security assessment platforms (e.g., Tenable, Qualys, Wiz, Snyk, Trivy, Grype, or cloud-native equivalents) and the ability to integrate them programmatically into automated workflows
- Deep understanding of vulnerability classes (OWASP Top 10, CWE, CVE/CVSS, EPSS) and modern prioritization frameworks that go beyond raw CVSS scores to factor exploitability, asset criticality, and business context
- Proficiency with AI-assisted development tools (Claude Code, GitHub Copilot, or similar agentic coding assistants) and the ability to design, prompt-engineer, and orchestrate AI agents for security automation workflows
- Strong software engineering fundamentals: version control (Git), code review, testing, CI/CD, API design, and the ability to write production-quality, maintainable code—not just scripts
- Hands-on experience with cloud security tooling and APIs (AWS Config, GuardDuty, Inspector, Security Hub) and with container security tooling
- Familiarity with security data engineering concepts: API and database integration, data normalization, and building automated evidence-collection pipelines for compliance and audit support
- Excellent written and verbal communication skills, with the ability to translate complex automation architectures into clear documentation, runbooks, and knowledge-transfer materials for cross-functional teams
- Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. You see a repeated manual process as a bug, not a task
- Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: GPYC, GPEN, GXPN, AWS Security Specialty, GCP Professional Cloud Security Engineer, CKS (Certified Kubernetes Security Specialist), or HashiCorp Terraform Associate
- Experience with MCP (Model Context Protocol) integrations, building custom AI tool-use pipelines, or contributing to open-source security automation projects