Lumin Digital

Manager, Application Security

Lumin Digital, Myrtle Point, Oregon, United States, 97458


Overview

Basic Function

The Application Security (AppSec) team at Lumin Digital is responsible for guiding and supporting a secure software development lifecycle across all products and internal applications developed within the company. This team is responsible for helping code authors across the entire organization build security into our technology from early conceptualization and design phases, not bolt it on as an afterthought or check-the-box activity. This role leads the AppSec function by driving strategic improvements in application security, coordinating with teams across the company, and promoting a shared understanding that code quality includes security. The role requires strong technical leadership and collaboration to ensure our application security posture continuously evolves and strengthens over time.

Essential Functions and Responsibilities:

Identify emerging industry threats, observed trends, and industry best-practice guidelines to find gaps, and plan, design, and enhance our application security posture in collaboration with teams across Lumin Digital

Develop, collect, and summarize meaningful measures of application security to evaluate program performance

Collaborate with other leaders to understand vulnerabilities and to develop mitigation strategies that address current findings and reduce the likelihood of future occurrence of the same classes of issues

Ensure integration of security tooling into CI/CD pipelines with minimal developer friction

Review the technical methods and output of the AppSec team to ascertain the quality and fit of activities such as threat modeling, secure design reviews, and architectural risk assessments, and provide constructive and detailed feedback to improve team members’ ability to perform their duties

Lead improvements in secure coding standards, developer training, and evaluation of assessment tools

Review client-sponsored application assessments to qualify and prepare responses

Perform other duties as assigned

Supervisory Responsibility:

Set clear expectations, offer direction, and ensure alignment with organizational goals while fostering a supportive environment that encourages collaboration, accountability, and growth.

Coach, mentor, and provide training opportunities to build team members’ skills, promote internal growth, and prepare staff for future roles and responsibilities.

Manage hiring, onboarding, performance evaluations, promotions, compensation, and terminations, ensuring fair and consistent application of policies and procedures.

Assess team performance regularly, address gaps, and ensure duties are completed efficiently and effectively in alignment with department and organizational objectives.

Position Specifications

Education:

Bachelor's degree in Computer Science, Information Assurance, Information Security, Cybersecurity, or related field is required; or equivalent combination of education and experience in cybersecurity with demonstrated command of key application security concepts and technologies and proficiencies in threat modeling, detective and preventative controls, application security testing, and other relevant technical security risk management domains.

Experience:

5 years of hands-on technical experience directly working with detective security controls, including web application firewalls, TLS-inspecting proxies, and tools integrated into CI/CD pipelines, including SCA, SAST, DAST, and MAST. 3 years of experience leading complex security initiatives or driving secure application design practices within a team or organization required. This may include project leadership, technical mentorship, or ownership of code security or quality programs, ideally within financial institutions or fintech companies. Experience with large-scale AWS operating environments, Linux, Kubernetes, Git, and scripting languages required. Experience with administering public or private bug bounty programs required. Experience analyzing and summarizing trends in application-layer threats, vulnerabilities, and posture to internal management teams is required. Applicants are invited to provide, in their cover letter, an example or excerpt of a report or presentation they solely developed, with any confidential information redacted, that illustrates this experience and skill.

Knowledge, Skills, & Abilities:

Excellent teamwork skills, including the ability to develop long-term partnerships for continual improvement in established technology platforms with mature product lifecycle management processes; excellent data analysis skills, including using tools like Excel or Google Sheets, to customize and report on key metrics; strong written and verbal communication skills; strong presentation delivery skills; ability to read, comprehend, and contextualize technical details contained in vulnerability assessments and penetration testing reports; ability to respectfully challenge norms and appropriately question assumptions; expert knowledge of application security concepts related to detecting anomalous and threatening HTTPS and WebSocket activity; strong knowledge of cloud security in AWS and the AWS shared responsibility model; strong knowledge of vulnerability prioritization methods (CVSS, EPSS); strong knowledge of financial regulations influencing application security designs (PCI DSS); calm and serious attitude with effective coordination skills; strong client orientation and professional demeanor; ability to prioritize tasks, exercise sound judgment, and maintain confidentiality; ability to work remotely with minimal supervision.

Travel:

Minimal, generally 12 days or less per year

$175,000 - $194,998 a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.

For more information, visit lumindigital.com
