Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. As a Security Platform Engineer, you will apply reliability engineering to security-critical infrastructure, building systems that scale and recover automatically across numerous environments.
Responsibilities:
- Build and operate Lumin's security fabric: the foundation other security capabilities depend on, engineered for reliability and scale across hundreds of environments
- Build and maintain agentic AI workflows using tools like Claude Code, MCP-based integrations, and custom agent harnesses to automate security platform engineering tasks. Examples include infrastructure code review, configuration drift detection, runbook generation, and incident timeline synthesis
- Build and operate security telemetry, log analytics, and observability infrastructure: logging clusters, ingest pipelines, OpenSearch index management and performance tuning, and the alerting systems that enable detection and response capabilities across the platform
- Design and implement deployment workflows using GitOps patterns (ArgoCD, Argo Workflows, Kustomize) to manage security infrastructure across hundreds of AWS accounts and regions, with consistency, auditability, and separation of duties enforced as code
- Write and maintain production-quality Python applications and tooling that support platform operations: automation, integrations, internal utilities, and the AI-assisted workflows that wrap them
- Secure and operate Kubernetes workloads in EKS, configuring RBAC, network policies, and deployment safeguards to reduce lateral movement and minimize blast radius for security services
- Design and maintain secure cross-account and multi-region infrastructure patterns, including KMS, IAM roles, and VPC configurations, ensuring consistent security posture across hundreds of environments
- Participate in an on-call rotation for security infrastructure services, restoring service health, documenting resolutions, and converging the systems toward needing fewer humans in the loop over time
- Provide engineering support during security incidents by ensuring logging and monitoring infrastructure is healthy, data is available, and tooling is functioning, in coordination with Security Operations, who own the response process
- Support internal security audits and compliance frameworks by engineering evidence collection into the platform's data flows
- Collaborate with other Security Engineers, Risk teams, and core Site Reliability Engineering to align infrastructure decisions and share operational knowledge
- Evaluate emerging AI-assisted engineering patterns and tooling through proof-of-concept work, including agent harness designs, prompt patterns, and eval methodologies relevant to platform reliability and security automation. Promote what proves itself into team standard practice
- Perform other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field, or equivalent combination of demonstrated engineering experience, shipped projects, and certifications in platform engineering, reliability engineering, or cloud-native systems
- 5+ years of hands-on experience in platform engineering, infrastructure engineering, reliability engineering, DevSecOps, or a closely related technical discipline, with a strong emphasis on building engineered systems rather than operating manual processes
- At least 1 year of production experience with at least 2 agentic coding tools, such as Claude Code, Gemini, Cursor, Codex, AMP, or OpenCode
- Demonstrated experience building and shipping production code in Python or a similarly capable language, with infrastructure-as-code tools such as Terraform
- Proven track record of operating cloud-native infrastructure in production, with deep familiarity in AWS, Kubernetes, multi-account / multi-region patterns, and CI/CD pipeline integration
- Fluency with AI-assisted development tools like Claude Code and similar agentic coding assistants, including the ability to design, prompt, and orchestrate agents for platform engineering and security automation workflows
- Hands-on experience shipping at the agentic tool layer: MCP integrations, custom agent harnesses, or AI tool-use pipelines
- Strong software engineering fundamentals: version control, code review, testing, CI/CD, and API design, with the ability to write production-quality, maintainable code rather than throwaway scripts
- Strong foundation in reliability engineering: capacity planning, SLO development, on-call experience, incident management, and designing for operational resilience in security and compliance-sensitive contexts
- Hands-on proficiency with cloud-native platform engineering: AWS (KMS, IAM, EKS, networking, and supporting services), Kubernetes, and Terraform or equivalent IaC tools
- Demonstrated experience with GitOps deployment patterns (ArgoCD, Argo Workflows, Kustomize, or similar) and container orchestration in production environments
- Experience with security telemetry pipelines and log analytics platforms (OpenSearch or similar), including data normalization, enrichment, and the structural fidelity required for downstream automation
- Working knowledge of cloud security and compliance frameworks (SOC 2, PCI DSS, CIS Benchmarks, AWS Well-Architected), with the ability to translate control requirements into automated, auditable systems
- Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation
- Excellent written and verbal communication, including the ability to translate complex platform architectures into clear documentation, runbooks, and knowledge-transfer materials
- Preferred: Experience with security telemetry platforms (OpenSearch or similar), GitOps deployment patterns (ArgoCD, Argo Workflows, Kustomize, or similar), or reliability engineering practices in a security or compliance-sensitive context
- Nice to have: Contributions at the edge of what's possible with platform reliability and AI, including open-source projects, agent evaluation work, public writing, talks, or similar