Please, let Lumin Digital know you found this job on RemoteYeah. This helps us grow 🌱.
Description:
The Application Security Engineer at Lumin Digital is responsible for ensuring the security of digital banking solutions by integrating security practices throughout the product and software development lifecycle.
This role involves vulnerability analysis, threat modeling, and collaborating with cross-functional teams to maintain a robust application security posture.
Success in this role requires a proactive approach to identifying and mitigating risks, supporting compliance efforts, and staying ahead of evolving security threats.
Responsibilities include collaborating with Product and Development teams to embed security into the software development lifecycle, providing guidance on secure architecture, coding practices, and CI/CD pipeline protection.
The engineer will implement and maintain automated application vulnerability scanning tools, including static (SAST) and dynamic (DAST) security testing solutions.
They will coordinate manual application penetration testing assessments through third-party engagements and validate results.
The role requires responding to application security incidents using industry-standard practices to identify, contain, and remediate vulnerabilities.
Monitoring and optimizing reporting and alerting systems to identify, prioritize, and address application security risks effectively is essential.
The engineer will maintain comprehensive records of vulnerability detections and security posture across all systems, ensuring consistent improvement.
Supporting risk management, compliance, and audit activities by collecting evidence and producing reports to demonstrate security program effectiveness is also part of the job.
The engineer will serve as a first point of contact for reported vulnerabilities, triaging issues from internal sources, clients, and external researchers.
Conducting architectural and code reviews to identify vulnerabilities and recommend improvements to the application security posture is required.
Other duties may be assigned as needed.
Requirements:
Candidates must have four (4) years of experience in a relevant technology domain, including security engineering, software engineering, or application vulnerability analysis.
A minimum of three (3) years of demonstrated experience in identifying and technically qualifying application security vulnerabilities in a full-time capacity for large-scale web, financial services, or mobile applications is required.
The ability to read and comprehend application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) and identify vulnerabilities such as command injection and inappropriate cryptographic usage is necessary.
Candidates should have a working knowledge of security vulnerabilities, including OWASP Top 10 and CWE.
Specialized knowledge of authentication and authorization frameworks, such as SAML, OIDC, OAuth 2.0, SCIM, JWT, WebAuthn, and OPA, is required.
Familiarity with authentication and authorization frameworks and applied cryptography concepts is essential.
Strong analytical skills to validate and reproduce reported vulnerabilities through manual testing or scripting are needed.
Effective written and verbal communication skills, with the ability to raise awareness and coordinate remediation activities, are important.
A Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field is required, although equivalent experience with demonstrated expertise may be considered.
Benefits:
The position offers a competitive salary range of $110,000 - $130,000 a year.
Lumin Digital promotes a culture of curiosity and innovation, fostering trust, respect, and boldness in pursuing innovative paths.
Employees are encouraged to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
The company values collaboration and the flourishing of ideas, creating a workplace where new possibilities are discovered.
All qualified applicants, including those with arrest or conviction records, will be considered for employment, promoting inclusivity in the hiring process.