Security Platform Engineer

Lumin Digital's Security Engineering team is a true engineering organization that protects a cloud-hosted digital banking platform serving financial institutions and their members. As a Security Platform Engineer, you will apply reliability engineering to our security-critical infrastructure: building systems that scale gracefully, recover automatically, and converge on correct operation across hundreds of environments. Your scope spans telemetry clusters, GitOps-driven deployment workflows, and the patterns that make security a paved path for the rest of engineering. You will work in AI-assisted engineering tools every day: agentic coding assistants like Claude Code, MCP-based integrations, and custom agent harnesses. This role exists for Platform and Reliability Engineers who treat AI as part of their working medium and have something to teach the rest of us about reliability in an AI-native world. Success means our security fabric scales without us, and our on-call rotations get quieter every quarter.

• →

  Build and operate Lumin's security fabric: the foundation other security capabilities depend on, engineered for reliability and scale across hundreds of environments.

• →

  Build and maintain agentic AI workflows using tools like Claude Code, MCP-based integrations, and custom agent harnesses to automate security platform engineering tasks. Examples include infrastructure code review, configuration drift detection, runbook generation, and incident timeline synthesis.

• →

  Build and operate security telemetry, log analytics, and observability infrastructure: logging clusters, ingest pipelines, OpenSearch index management and performance tuning, and the alerting systems that enable detection and response capabilities across the platform.

• →

  Design and implement deployment workflows using GitOps patterns (ArgoCD, Argo Workflows, Kustomize) to manage security infrastructure across hundreds of AWS accounts and regions, with consistency, auditability, and separation of duties enforced as code.

• →

  Write and maintain production-quality Python applications and tooling that support platform operations: automation, integrations, internal utilities, and the AI-assisted workflows that wrap them.

• →

  Secure and operate Kubernetes workloads in EKS, configuring RBAC, network policies, and deployment safeguards to reduce lateral movement and minimize blast radius for security services.

• →

  Design and maintain secure cross-account and multi-region infrastructure patterns, including KMS, IAM roles, and VPC configurations, ensuring consistent security posture across hundreds of environments.

• →

  Participate in an on-call rotation for security infrastructure services, restoring service health, documenting resolutions, and converging the systems toward needing fewer humans in the loop over time.

• →

  Provide engineering support during security incidents by ensuring logging and monitoring infrastructure is healthy, data is available, and tooling is functioning, in coordination with Security Operations, who own the response process.

• →

  Support internal security audits and compliance frameworks by engineering evidence collection into the platform's data flows.

• →

  Collaborate with other Security Engineers, Risk teams, and core Site Reliability Engineering to align infrastructure decisions and share operational knowledge.

• →

  Evaluate emerging AI-assisted engineering patterns and tooling through proof-of-concept work, including agent harness designs, prompt patterns, and eval methodologies relevant to platform reliability and security automation. Promote what proves itself into team standard practice.

• →

  Perform other duties as assigned.

• →

  None.

• While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel; and talk or hear.

• Specific vision abilities required by this job include close vision.

• Ability to occasionally lift/move up to 25 pounds.

• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field, or equivalent combination of demonstrated engineering experience, shipped projects, and certifications in platform engineering, reliability engineering, or cloud-native systems.

• Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: AWS Solutions Architect Associate or Professional, AWS DevOps Engineer Professional, AWS Security Specialty, HashiCorp Terraform Associate, CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), or GCSA (GIAC Cloud Security Automation).

• 5+ years of hands-on experience in platform engineering, infrastructure engineering, reliability engineering, DevSecOps, or a closely related technical discipline, with a strong emphasis on building engineered systems rather than operating manual processes.

• At least 1 year of production experience with at least 2 agentic coding tools, such as Claude Code, Gemini, Cursor, Codex, AMP, or OpenCode.

• Demonstrated experience building and shipping production code in Python or a similarly capable language, with infrastructure-as-code tools such as Terraform.

• Proven track record of operating cloud-native infrastructure in production, with deep familiarity in AWS, Kubernetes, multi-account / multi-region patterns, and CI/CD pipeline integration.

• Experience with security telemetry platforms (OpenSearch or similar), GitOps deployment patterns (ArgoCD, Argo Workflows, Kustomize, or similar), or reliability engineering practices in a security or compliance-sensitive context preferred.

• Fluency with AI-assisted development tools like Claude Code and similar agentic coding assistants, including the ability to design, prompt, and orchestrate agents for platform engineering and security automation workflows. Production experience where AI was load-bearing in the build.

• Hands-on experience shipping at the agentic tool layer: MCP integrations, custom agent harnesses, or AI tool-use pipelines.

• Strong software engineering fundamentals: version control, code review, testing, CI/CD, and API design, with the ability to write production-quality, maintainable code rather than throwaway scripts.

• Strong foundation in reliability engineering: capacity planning, SLO development, on-call experience, incident management, and designing for operational resilience in security and compliance-sensitive contexts. Calm under pressure when systems break.

• Hands-on proficiency with cloud-native platform engineering: AWS (KMS, IAM, EKS, networking, and supporting services), Kubernetes, and Terraform or equivalent IaC tools.

• Demonstrated experience with GitOps deployment patterns (ArgoCD, Argo Workflows, Kustomize, or similar) and container orchestration in production environments.

• Experience with security telemetry pipelines and log analytics platforms (OpenSearch or similar), including data normalization, enrichment, and the structural fidelity required for downstream automation.

• Working knowledge of cloud security and compliance frameworks (SOC 2, PCI DSS, CIS Benchmarks, AWS Well-Architected), with the ability to translate control requirements into automated, auditable systems.

• Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. A repeated manual process is a bug, not a task.

• Excellent written and verbal communication, including the ability to translate complex platform architectures into clear documentation, runbooks, and knowledge-transfer materials. Comfort with a fully remote, async-first culture where Slack and thorough documentation are how decisions get made.

• Nice to have: Contributions at the edge of what's possible with platform reliability and AI, including open-source projects, agent evaluation work, public writing, talks, or similar.

• Minimal, generally 12 days or less per year, approximately two team get-togethers per year.

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base — and as a 100% cloud-native company, we're purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture is built on trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas. These values shape a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered every day. We encourage our team to explore, experiment, and challenge the status quo — because continuous improvement isn't just a goal, it's how we operate.

Benefits include: We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis. For more information, visit lumindigital.com.