Application Security Engineer


Lumin Digital

💵 $110k-$130k
📍 Remote - United States

Job highlights

Summary

Join Lumin Digital as an Application Security Engineer and ensure the security of our digital banking solutions. You will integrate security practices throughout the software development lifecycle, performing vulnerability analysis, threat modeling, and collaborating with cross-functional teams. This role demands a proactive approach to risk mitigation, supporting compliance, and staying ahead of evolving threats. You will collaborate with product and development teams, implement security tools, and respond to security incidents. Success requires strong analytical and communication skills, along with experience in application security and relevant technologies. Lumin Digital offers a dynamic and innovative work environment.

Requirements

  • Four (4) years of experience in a relevant technology domain, including security engineering, software engineering, or application vulnerability analysis
  • Three (3) years of demonstrated experience in identifying and technically qualifying application security vulnerabilities in a full-time capacity for large-scale web, financial services, or mobile applications
  • Ability to read and comprehend application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) and identify vulnerabilities such as command injection and inappropriate cryptographic usage
  • Working knowledge of security vulnerabilities, including OWASP Top 10 and CWE
  • Specialized knowledge of authentication and authorization frameworks, such as SAML, OIDC, OAuth 2.0, SCIM, JWT, WebAuthn, and OPA
  • Strong analytical skills to validate and reproduce reported vulnerabilities through manual testing or scripting
  • Effective written and verbal communication skills, with the ability to raise awareness and coordinate remediation activities
  • Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field. Equivalent experience with demonstrated expertise may be considered

Responsibilities

  • Collaborate with Product and Development teams to embed security into the software development lifecycle, from design to maintenance
  • Provide guidance on secure architecture, coding practices, and CI/CD pipeline protection
  • Implement and maintain automated application vulnerability scanning tools, including static (SAST) and dynamic (DAST) security testing solutions
  • Coordinate manual application penetration testing assessments through third-party engagements and validate results
  • Respond to application security incidents using industry-standard practices to identify, contain, and remediate vulnerabilities
  • Monitor and optimize reporting and alerting systems to identify, prioritize, and address application security risks effectively
  • Maintain comprehensive records of vulnerability detections and security posture across all systems, ensuring consistent improvement
  • Support risk management, compliance, and audit activities by collecting evidence and producing reports to demonstrate security program effectiveness
  • Serve as a first point of contact for reported vulnerabilities, triaging issues from internal sources, clients, and external researchers
  • Conduct architectural and code reviews to identify vulnerabilities and recommend improvements to the application security posture
  • Perform other duties as assigned

Preferred Qualifications

Familiarity with authentication and authorization frameworks (e.g., SAML, OIDC, OAuth 2.0) and applied cryptography concepts
