# Vulnerability Automation Engineer

**Company:** [Lumin Digital](https://hotfix.jobs/companies/lumin-digital)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $170k – $190k/yr
**Experience:** 5+ years
**Skills:** Python, Go, Bash, Terraform, Kubernetes, CI/CD, Tenable, Qualys, Wiz, Snyk, Trivy, Grype, Claude Code, Github Copilot, Aws Config
**Posted:** 2026-05-05

> Designs and builds autonomous vulnerability automation pipelines using AI tools to discover assets, scan vulnerabilities, harden configurations, and auto-remediate in cloud-native environments. Requires 5+ years in security engineering, DevSecOps, IaC, and cloud security tools.

## Job Description

## Responsibilities
- Design and implement end-to-end vulnerability automation pipelines for asset discovery, configuration assessment, vulnerability identification, and remediation without manual intervention.
- Build and maintain **agentic AI workflows** using tools like **Claude Code** and MCP integrations for security tasks including code review, configuration drift detection, and patch deployment.
- Engineer automated asset discovery and inventory systems for real-time views of infrastructure, including ephemeral and containerized workloads.
- Develop automated configuration hardening pipelines enforcing **CIS Benchmarks** with drift detection and auto-remediation.
- Create **infrastructure-as-code** templates (**Terraform**), **policy-as-code** rules, and automated playbooks embedding security into deployment pipelines.
- Build self-service remediation tooling and agentic support systems for dev and infra teams.
- Integrate vulnerability data sources (**Tenable**, **Qualys**, **Wiz**, **Snyk**, **Trivy**, **Grype**) into unified platforms with prioritization.
- Develop metrics, dashboards, and automated reporting for vulnerability posture visibility.
- Collaborate to embed automation into **CI/CD** pipelines and workflows.

## Requirements
- **5+ years** in security engineering, **DevSecOps**, vulnerability management, or infrastructure automation.
- Experience building automation pipelines with **Python**, **Go**, **Bash**, **Terraform**.
- Proven work in cloud-native environments with **Kubernetes**, serverless, **CI/CD**.
- Experience with vulnerability scanning tools and programmatic integration.
- Deep knowledge of vulnerability classes (**OWASP Top 10**, **CWE**, **CVE/CVSS**, **EPSS**).
- Proficiency with **AI-assisted tools** (**Claude Code**, **GitHub Copilot**).
- Strong software engineering: **Git**, code review, testing, **CI/CD**, API design.
- Hands-on with cloud security (**AWS Config**, **GuardDuty**, **Inspector**, **Security Hub**).

## Nice-to-Haves
- **MCP** integrations, custom AI tool-use pipelines, open-source security automation.
- Certifications: **GPYC**, **GPEN**, **GXPN**, **AWS Security Specialty**, **GCP Professional Cloud Security Engineer**, **CKS**, **HashiCorp Terraform Associate**.

## Similar roles

- [Endpoint Security Engineer](https://hotfix.jobs/jobs/e9f904e5-b1d3-4a26-b61e-06c5e375ab90) - Crusoe - San Francisco, CA - $170k – $205k/yr
- [Software Engineer, Trust & Safety](https://hotfix.jobs/jobs/7d005694-1f26-43da-8d18-cb58960d2d1e) - Suno - San Francisco, CA - $170k – $240k/yr
- [Software Engineer, Security Infrastructure](https://hotfix.jobs/jobs/10bace96-4568-4b74-8991-363cb538257c) - Siftstack - Marina del Rey, CA - $170k – $220k/yr
- [Incident Response Security Engineer](https://hotfix.jobs/jobs/d002a19f-a1ab-4434-977e-b1a71be0e1c8) - Clickhouse - Remote - $169k – $225k/yr
- [Security Engineer, Detection & Response](https://hotfix.jobs/jobs/28f93e48-86dd-4627-a850-c2fe4fa0a170) - Liftoff - Remote - $172k – $240k/yr

**Apply:** https://hotfix.jobs/jobs/1a05493d-ddf1-4123-8eaa-22774b293d93
**Canonical:** https://hotfix.jobs/jobs/1a05493d-ddf1-4123-8eaa-22774b293d93