Senior Software Engineer

Summary

Join Lumos, a fast-growing startup revolutionizing app and access management, as a Senior Software Engineer. You will play a key role in designing and developing our Security Platform, building core security systems to protect customer data and empower product teams. Collaborate with engineering, product, and platform teams to create secure-by-default primitives, including authentication and authorization flows, secrets management, and more. Your work will directly impact how internal teams and enterprise customers experience security. This is an opportunity to contribute meaningfully to a company backed by renowned investors like Andreessen Horowitz. Lumos values ownership, curiosity, and trust, offering a unique culture and significant influence on the company's trajectory.

Requirements

• 3+ years of experience as a Security Engineer or Software Engineer with a focus on Security
• Experience designing and implementing security solutions for applications and distributed systems For example, authentication flows and authorization frameworks , secrets management
• Strong backend development skills ( Python and TypeScript knowledge is a strong plus)
• Experience with threat modeling , red teaming , penetration testing , or other means of identifying security issues
• Experience in AWS platforms and services (we will also consider equivalent experience in Azure and GCP )
• Experience securely developing and applying Infrastructure as Code solutions
• Strong product thinking and a thoughtful approach to developer experience —balancing flexibility, safety, and simplicity in platform design
• A collaborative mindset and the ability to partner across product , engineering , and design to deliver impactful platform features

Responsibilities

• Contribute meaningfully to the Lumos code base
• Designing a secure proxy service for brokering customer integration credentials
• Building a SCIM server so Lumos can respond immediately to user and group updates in a customer’s Identity Provider
• Implementing the OAuth 2.0 Device Authorization Grant flow to authenticate the Lumos CLI
• Partner with Engineering to incorporate Secure by Design principals throughout every portion of the Secure Software Development Lifecycle (SSDLC)
• Contribute to complex prioritization discussions around which risks are the most important to solve next
• Plan projects to address the risks we prioritize and coordinate with cross-functional stakeholders across the company to execute those projects
• Extend our detection and response capabilities by building solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
• Identify and remediate vulnerabilities within the Lumos code base
• Assist with control enforcement and policy creation in alignment with our compliance obligations (SOC 2 Type II, ISO 27001)
• Support ongoing penetration testing programs
• Participate in security related incident response

Preferred Qualifications

• Experience at growth-stage startups is a strong plus
• Familiarity with compliance frameworks such as SOC 2 Type 2 and ISO 27001 is a plus
• Familiarity with IGA and IAM is a strong plus

Benefits

• Remote work culture (+/-4 hours Pacific Time)
• Medical, Vision, & Dental coverage covered by Lumos
• Company and team bonding trips throughout the year fully covered by Lumos
• Optimal WFH setup to set you up for success
• Unlimited PTO, with minimum time off to make sure you are rested and able to be at your best
• Up to 16 weeks for expecting parents
• Wellness stipend to keep you awesome and healthy
• 401k matching plan