Network Security Software Engineer

Basic Function

Lumin Digital is standing up a dedicated Network Security function within its Risk Engineering group to protect a growing product suite that handles sensitive financial data across multiple product lines. This role exists because the landscape has shifted: in a cloud-native, infrastructure-as-code environment, network security is no longer about managing router ACLs—it is about designing identity-aware policy enforcement, automating end-to-end change management, and building real-time visibility into network activity across both workforce and hosted contexts.

As the Network Security Software Engineer, you will be a domain authority who breaks network security out of the existing Security Engineering and SOC functions, building the specialization from the ground up. You will architect and deliver automated, lights-off pipelines—using agentic development practices and tools like Claude Code—that turn around security changes faster, go deeper than port and protocol in our defense-in-depth story, and extend coverage to the agents our teams create, not just the people who create them.

We are looking for a senior practitioner who will teach us what great network security looks like in a modern, highly-automated fintech environment—not someone who needs to be taught.

Essential Functions and Responsibilities:

• Own the architecture, implementation, and continuous improvement of Lumin’s network security program across cloud, SD-WAN, and ZTNA layers—designing identity-aware, policy-driven controls that secure both human and machine (agent) identities.

• Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step.

• Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity — integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture.

• Engineer production-grade tooling and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—using modern backend languages (Python strongly preferred) and infrastructure-as-code.

• Manage and tune network-layer detection capabilities — including IDS/IPS signatures, firewall rules, and WAF configuration — to ensure high-fidelity signals for SOC consumption.

• Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines that the broader team can learn from.

• Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one.

• Support compliance audit and assessment activities — including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows.

• Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation—raising the network security bar across the engineering organization.

• Perform other duties as assigned.

Physical Demands:

• While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear.

• Specific vision abilities required by this job include close vision.

• Ability to occasionally lift/move up to 25 pounds.

• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

Supervisory Responsibility:

None.

Position Specifications

Education:

• Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.

• Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, Cloudflare certifications, or equivalent. Relevant certifications are valued but not required if depth of hands-on experience is demonstrated.

Experience:

• 5+ years of progressive experience in network security engineering, with a demonstrated track record of designing, automating, and operating network security controls in cloud-native or hybrid environments.

• Substantive hands-on engineering experience: you write production code, build integrations, and ship tooling—not just policies and diagrams.

• Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.

• Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.

• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.

Knowledge, Skills, & Abilities:

Required:

• Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.

• Hands-on experience with agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.

• Strong proficiency in at least one backend language (Python strongly preferred; Go or similar considered) with the ability to design and build production-grade APIs, automation frameworks, and integration platforms.

• Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.

• Demonstrated ability to write clear, precise engineering specifications and technical documentation; comfortable operating on a distributed, async-first team where written clarity drives outcomes.

• Sound engineering judgment: able to evaluate AI-generated code for correctness, security implications, and maintainability; able to architect systems for reliability and observability.

• Strong cross-functional communication skills: able to translate network security requirements into actionable engineering work and influence peers across Security, SRE, and Platform teams.

Preferred:

• Experience building real-time telemetry, monitoring, and threat detection pipelines for network traffic.

• Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.

• Experience integrating threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.

Travel:

• Minimal, generally 12 days or less per year (~2 team get-togethers per year).

Basic Function

Lumin Digital is standing up a dedicated Network Security function within its Risk Engineering group to protect a growing product suite that handles sensitive financial data across multiple product lines. This role exists because the landscape has shifted: in a cloud-native, infrastructure-as-code environment, network security is no longer about managing router ACLs—it is about designing identity-aware policy enforcement, automating end-to-end change management, and building real-time visibility into network activity across both workforce and hosted contexts.

As the Network Security Software Engineer, you will be a domain authority who breaks network security out of the existing Security Engineering and SOC functions, building the specialization from the ground up. You will architect and deliver automated, lights-off pipelines—using agentic development practices and tools like Claude Code—that turn around security changes faster, go deeper than port and protocol in our defense-in-depth story, and extend coverage to the agents our teams create, not just the people who create them.

We are looking for a senior practitioner who will teach us what great network security looks like in a modern, highly-automated fintech environment—not someone who needs to be taught.

Essential Functions and Responsibilities:

• Own the architecture, implementation, and continuous improvement of Lumin’s network security program across cloud, SD-WAN, and ZTNA layers—designing identity-aware, policy-driven controls that secure both human and machine (agent) identities.

• Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step.

• Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity — integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture.

• Engineer production-grade tooling and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—using modern backend languages (Python strongly preferred) and infrastructure-as-code.

• Manage and tune network-layer detection capabilities — including IDS/IPS signatures, firewall rules, and WAF configuration — to ensure high-fidelity signals for SOC consumption.

• Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines that the broader team can learn from.

• Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one.

• Support compliance audit and assessment activities — including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows.

• Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation—raising the network security bar across the engineering organization.

• Perform other duties as assigned.

Physical Demands:

• While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear.

• Specific vision abilities required by this job include close vision.

• Ability to occasionally lift/move up to 25 pounds.

• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

Supervisory Responsibility:

None.

Position Specifications

Education:

• Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.

• Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, Cloudflare certifications, or equivalent. Relevant certifications are valued but not required if depth of hands-on experience is demonstrated.

Experience:

• 5+ years of progressive experience in network security engineering, with a demonstrated track record of designing, automating, and operating network security controls in cloud-native or hybrid environments.

• Substantive hands-on engineering experience: you write production code, build integrations, and ship tooling—not just policies and diagrams.

• Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.

• Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.

• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.

Knowledge, Skills, & Abilities:

Required:

• Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.

• Hands-on experience with agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.

• Strong proficiency in at least one backend language (Python strongly preferred; Go or similar considered) with the ability to design and build production-grade APIs, automation frameworks, and integration platforms.

• Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.

• Demonstrated ability to write clear, precise engineering specifications and technical documentation; comfortable operating on a distributed, async-first team where written clarity drives outcomes.

• Sound engineering judgment: able to evaluate AI-generated code for correctness, security implications, and maintainability; able to architect systems for reliability and observability.

• Strong cross-functional communication skills: able to translate network security requirements into actionable engineering work and influence peers across Security, SRE, and Platform teams.

Preferred:

• Experience building real-time telemetry, monitoring, and threat detection pipelines for network traffic.

• Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.

• Experience integrating threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.

Travel:

• Minimal, generally 12 days or less per year (~2 team get-togethers per year).

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base — and as a 100% cloud-native company, we're purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture is built on trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas. These values shape a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered every day. We encourage our team to explore, experiment, and challenge the status quo — because continuous improvement isn't just a goal, it's how we operate.

 

Benefits Include We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis. For more information, visit lumindigital.com.