Basic Function
Lumin Digital is standing up a dedicated Network Security function within its Risk Engineering group to protect a growing product suite that handles sensitive financial data across multiple product lines. This role exists because the landscape has shifted: in a cloud-native, infrastructure-as-code environment, network security is no longer about managing router ACLs - it is about designing identity-aware policy enforcement, automating end-to-end change management, and building real-time visibility into network activity across both workforce and hosted contexts.
As the Network Security Software Engineer, you will be a domain authority who breaks network security out of the existing Security Engineering and SOC functions, building the specialization from the ground up. You will architect and deliver automated, lights-off pipelines - using agentic development practices and tools like Claude Code - that turn around security changes faster, go deeper than port and protocol in our defense-in-depth story, and extend coverage to the agents our teams create, not just the people who create them.
We are looking for a senior practitioner who will teach us what great network security looks like in a modern, highly-automated fintech environment - not someone who needs to be taught.

Essential Functions and Responsibilities:
- Own the architecture, implementation, and continuous improvement of Lumin's network security program across cloud, SD-WAN, and ZTNA layers - designing identity-aware, policy-driven controls that secure both human and machine (agent) identities.
- Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step.
- Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity - integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture.
- Engineer production-grade tooling and services - including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment - using modern backend languages (Python strongly preferred) and infrastructure-as-code.
- Manage and tune network-layer detection capabilities - including IDS/IPS signatures, firewall rules, and WAF configuration - to ensure high-fidelity signals for SOC consumption.
- Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines that the broader team can learn from.
- Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one.
- Support compliance audit and assessment activities - including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows.
- Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation - raising the network security bar across the engineering organization.
- Perform other duties as assigned.

Physical Demands:
- While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel; and talk or hear.
- Specific vision abilities required by this job include close vision.
- Ability to occasionally lift/move up to 25 pounds.

Supervisory Responsibility: None.

Position Specifications
Education:
- Bachelor's degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.
- Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, Cloudflare certifications, or equivalent. Relevant certifications are valued but not required if depth of hands-on experience is demonstrated.

Experience:
- 5+ years of progressive experience in network security engineering, with a demonstrated track record of designing, automating, and operating network security controls in cloud-native or hybrid environments.
- Substantive hands-on engineering experience: you write production code, build integrations, and ship tooling - not just policies and diagrams.
- Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.
- Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.
- Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.

Knowledge, Skills, & Abilities:
Required:
- Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.
- Hands-on experience with agentic coding tools and workflows (Claude Code, Cursor, or equivalent) - or demonstrated eagerness and aptitude to adopt them as a primary development methodology.
- Strong proficiency in at least one backend language (Python strongly preferred; Go or similar considered) with the ability to design and build production-grade APIs, automation frameworks, and integration platforms.
- Thorough understanding of identity-aware network security - designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.
- Demonstrated ability to write clear, precise engineering specifications and technical documentation; comfortable operating on a distributed, async-first team where written clarity drives outcomes.
- Sound engineering judgment: able to evaluate AI-generated code for correctness, security implications, and maintainability; able to architect systems for reliability and observability.
- Strong cross-functional communication skills: able to translate network security requirements into actionable engineering work and influence peers across Security, SRE, and Platform teams.

Preferred:
- Experience building real-time telemetry, monitoring, and threat detection pipelines for network traffic.
- Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.
- Experience integrating threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.

Travel:
- Minimal, generally 12 days or less per year (~2 team get-togethers per year).

$145,000 - $175,000 a year
Benefits Include
We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.