Lumin Digital is a trailblazer in digital banking solutions, focused on empowering financial institutions through innovative technology. As a Cyber Security Engineer, you will develop and maintain security infrastructure and automated systems that protect a cloud-hosted digital banking platform.
Responsibilities:
- Engineer the security infrastructure the rest of the company depends on across AWS and Kubernetes: telemetry pipelines, cryptographic material lifecycle, compliance automation, and the architecture patterns that scale across hundreds of environments
- Build and maintain agentic AI workflows using tools like Claude Code, MCP-based integrations, and custom agent harnesses to automate security engineering tasks. Examples include code review for vulnerability patterns, drift detection in security controls, and automated evidence collection
- Engineer the lifecycle of cryptographic material as code, including key generation, secure storage, certificate issuance, rotation, and revocation. All steps are version-controlled, automated, and recoverable without a human in the loop
- Build security telemetry pipelines that detect, enrich, and route signals with the fidelity our auto-remediation systems require
- Embed security controls into deployment pipelines so vulnerabilities are prevented or resolved at build time rather than discovered post-deployment, including policy-as-code rules and automated playbooks
- Build compliance evidence collection and continuous control monitoring as engineered systems that produce auditor-ready outputs from continuous data flows
- Develop and maintain threat models that inform security architecture decisions and prioritize where engineered controls earn their place. Promote learnings into reusable patterns the rest of engineering can adopt
- Consult, review, and approve architectural decisions by other infrastructure and product teams for security compliance and outcomes, with attention to where secrets are stored and how trust boundaries are crossed
- Provide engineering support to Security Operations during incident response: build the tooling, telemetry, and automation that aids detection, containment, and recovery, in coordination with the Sec Ops team that owns the response process
- Partner with other Risk functions, technical teams, auditors, vendors, and clients to translate security requirements into engineered systems and validate posture across all environments
- Evaluate emerging AI-assisted engineering patterns and tooling through proof-of-concept work, including agent harness designs, prompt patterns, and eval methodologies. Promote what proves itself into team standard practice
- Operate our COTS security tooling when needed, usually through IaC and automation we've built ourselves, occasionally by clicking through a vendor console
- Perform other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or an equivalent combination of demonstrated engineering experience, shipped projects, and certifications in security engineering, cryptography, or cloud-native automation
- 5+ years of hands-on experience in security engineering, software engineering, or a closely related technical discipline, with a strong emphasis on building engineered systems rather than operating manual processes
- At least 1 year of production experience with at least 2 agentic coding tools, such as Claude Code, Gemini, Cursor, Codex, AMP, or OpenCode
- Demonstrated experience building and shipping production code in Python or a similarly capable language, with infrastructure-as-code tools such as Terraform
- Proven track record of working in cloud-native environments, with deep familiarity with AWS, Kubernetes, containerized workloads, and CI/CD pipeline integration
- Fluency with AI-assisted development tools like Claude Code and similar agentic coding assistants, including the ability to design, prompt-engineer, and orchestrate agents for security engineering workflows
- Hands-on experience shipping at the agentic tool layer: MCP integrations, custom agent harnesses, or AI tool-use pipelines
- Strong software engineering fundamentals: version control, code review, testing, CI/CD, and API design, with the ability to write production-quality, maintainable code rather than throwaway scripts
- Hands-on proficiency with cloud-native engineering: AWS (KMS, IAM, Lambda, EKS, and supporting services), Kubernetes, and Terraform or equivalent IaC tools
- Technical knowledge of cybersecurity concepts, threat modeling, and secure design principles sufficient to consult on, review, and approve security-critical architectural decisions
- Working knowledge of PKI concepts and certificate lifecycle management, with the ability to engineer cryptographic lifecycles as code
- Experience with security telemetry platforms (OpenSearch or similar), PKI / certificate lifecycle management, or compliance automation preferred
- Working knowledge of cloud security and compliance frameworks (SOC 2, PCI DSS, CIS Benchmarks, AWS Well-Architected), with the ability to translate control requirements into automated, auditable systems
- Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation
- Excellent written and verbal communication, including the ability to translate complex security architectures into clear documentation and to operate as a consultative security partner across technical and non-technical teams
- Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: AWS Security Specialty, HashiCorp Terraform Associate, HashiCorp Vault Associate, CKS (Certified Kubernetes Security Specialist), GPYC (GIAC Python Coder), GCSA (GIAC Cloud Security Automation), or (ISC)² CCSP
- Nice to have: Contributions at the edge of what's possible with security and AI, including open-source projects, agent evaluation work, public writing, talks, or similar