Basic Function
The Application Security Engineer at Lumin Digital is responsible for ensuring the security of digital banking solutions by integrating security practices throughout the product and software development lifecycle. This role involves vulnerability analysis, threat modeling, and collaborating with cross-functional teams to maintain a robust application security posture. Success in this role requires a proactive approach to identifying and mitigating risks, supporting compliance efforts, and staying ahead of evolving security threats.
Essential Functions, Responsibilities, Experience:
Collaborate with Product and Development teams to embed security into the software development lifecycle, from design to maintenance.
Provide guidance on secure architecture, coding practices, and CI/CD pipeline protection.
Implement and maintain automated application vulnerability scanning tools, including static (SAST) and dynamic (DAST) security testing solutions.
Coordinate manual application penetration testing assessments through third-party engagements and validate results.
Respond to application security incidents using industry-standard practices to identify, contain, and remediate vulnerabilities.
Monitor and optimize reporting and alerting systems to identify, prioritize, and address application security risks effectively.
Maintain comprehensive records of vulnerability detections and security posture across all systems, ensuring consistent improvement.
Support risk management, compliance, and audit activities by collecting evidence and producing reports to demonstrate security program effectiveness.
Serve as a first point of contact for reported vulnerabilities, triaging issues from internal sources, clients, and external researchers.
Conduct architectural and code reviews to identify vulnerabilities and recommend improvements to the application security posture.
Perform other duties as assigned.
Growth Opportunities:
30 Days: Gain familiarity with Lumin Digital’s security tools, applications, and processes. Begin triaging security issues and working on initial vulnerability assessments.
90 Days: Take ownership of vulnerability scanning tools, coordinate with third-party testing partners, and contribute to improving application security processes.
1 Year: Lead application threat modeling initiatives, implement enhancements to the vulnerability management program, and provide strategic recommendations to improve Lumin Digital’s security posture.
Knowledge, Skills, & Abilities:
Four (4) years of experience in a relevant technology domain, including security engineering, software engineering, or application vulnerability analysis.
Three (3) years of demonstrated experience in identifying and technically qualifying application security vulnerabilities in a full-time capacity for large-scale web, financial services, or mobile applications.
Ability to read and comprehend application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) and identify vulnerabilities such as command injection and inappropriate cryptographic usage.
Working knowledge of security vulnerabilities, including OWASP Top 10 and CWE.
Specialized knowledge of authentication and authorization frameworks, such as SAML, OIDC, OAuth 2.0, SCIM, JWT, WebAuthn, and OPA.
Familiarity with authentication and authorization frameworks (e.g., SAML, OIDC, OAuth 2.0) and applied cryptography concepts.
Strong analytical skills to validate and reproduce reported vulnerabilities through manual testing or scripting.
Effective written and verbal communication skills, with the ability to raise awareness and coordinate remediation activities.
Education:
Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field. Equivalent experience with demonstrated expertise may be considered.
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.