# Manager, Network Security

**Company:** [Lumin Digital](https://hotfix.jobs/companies/lumin-digital)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $180k – $200k/yr
**Experience:** 7+ years
**Skills:** Network Security, Cloudflare, Zscaler, Palo Alto, Terraform, CloudFormation, CI/CD, Firewall Policy Design, Ztna, Sd-Wan, Ddos Mitigation, Micro-Segmentation, Python, Bash, Infrastructure As Code
**Posted:** 2026-05-22

> Lead and build a new network security function at a fintech company, managing a team of engineers, setting technical direction for cloud-native network security architecture, and establishing automated, identity-aware security controls across cloud, SD-WAN, and ZTNA environments.

## Job Description

## Essential Functions and Responsibilities

- Build, lead, and mentor a team of senior Network Security Software Engineers — owning the hiring process, setting role expectations, and onboarding engineers into a newly established function.
- Define and continuously mature the network security program — establishing policies, standards, runbooks, and roadmaps across cloud infrastructure, corporate IT, and third-party connectivity; own network segmentation strategy across product and environment boundaries.
- Serve as the primary escalation point for architectural decisions and cross-functional scope disputes — maintaining clear lines of authority as the function establishes itself within the broader engineering organization.
- Partner with the Director of Risk Engineering to communicate program status, risk posture, and investment needs; contribute to security strategy reporting to senior leadership.
- Own Lumin's network security architecture strategy and change management model across cloud, SD-WAN, and ZTNA layers — designing identity-aware, policy-driven controls that secure both human and machine (agent) identities, and setting the standard for fully automated, audit-ready change delivery.
- Serve as the program-level authority for the team's network security tooling and automation initiatives — writing, reviewing, and iterating on engineering specifications that drive AI-assisted coding workflows; validating software outputs for correctness and security soundness, applying hands-on expertise that engineering tools alone cannot provide.
- Own the strategy for network-layer detection and response — including IDS/IPS management, firewall rule governance, WAF configuration, DDoS mitigation, and real-time telemetry — ensuring the SOC has high-fidelity, actionable network security signals.
- Serve as the network security subject matter expert for compliance audit and assessment activities; own network risk assessments, penetration test scoping, remediation tracking, and network diagram inventory across cloud and corporate environments.
- Embed network security requirements into SOC, SRE, and IT/Corporate Engineering workflows; manage third-party and vendor network connectivity to ensure all external connectivity meets security policy and compliance standards.

## Position Specifications

**Education:**
- Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.
- Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, AWS Certified Security, Cloudflare certifications, or equivalent.

**Experience:**
- 7+ years of progressive experience in network security, with at least 2 years in a lead or management capacity, in a cloud-native or hybrid environment.
- Demonstrated track record of building or maturing a network security program — including policy development, tooling evaluation, team building, and cross-functional stakeholder management.
- Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.
- Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.
- Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.
- Experience with leading teams that leverage agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.

**Knowledge, Skills, & Abilities:**

**Required:**
- Demonstrated ability to lead, develop, and hold accountable a technical engineering team — setting expectations, managing performance, and building a high-trust team culture.
- Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.
- Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.
- Demonstrated ability to write clear, precise engineering specifications and technical documentation that can drive AI-assisted development workflows; comfortable operating on a distributed, async-first team where written clarity drives outcomes.
- Sound engineering judgment: able to evaluate software outputs for correctness, security implications, and maintainability; able to architect systems for reliability and observability.
- Strong cross-functional communication skills: able to translate network security requirements into actionable engineering work and influence peers across Security, SRE, and Platform teams.
- Proven ability to lead through ambiguity — comfortable inheriting an incomplete program, building structure around it, and navigating organizational transitions.

**Preferred:**
- Experience building or overseeing real-time telemetry, monitoring, and threat detection pipelines for network traffic.
- Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.
- Experience building or overseeing the integration of threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.
- Scripting ability (Python, Bash) for automation of network security tasks and log analysis.

## Similar roles

- [Senior GRC Engineer](https://hotfix.jobs/jobs/bfcb5755-185d-4c09-bda1-9f49a4ecb6c8) - Postman - San Francisco, CA - $180k – $200k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/79016b33-ba89-41bf-b2dc-def7958e241d) - Monarch - Remote - $180k – $215k/yr
- [Senior Security Engineer, GRC](https://hotfix.jobs/jobs/8a3040c3-16a4-42c0-8c91-cbee4a8039b3) - Temporal - Remote - $180k – $225k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/48ed30bc-1b7a-42a6-9225-139997bf3b3b) - Kaizen Labs - New York, NY - $180k – $220k/yr
- [Senior Security Engineer, Identity & Access Management](https://hotfix.jobs/jobs/690a9da1-adb4-446e-8412-040b163cef7b) - Valon - Remote - $180k – $230k/yr

**Apply:** https://hotfix.jobs/jobs/675ca948-bd5b-42a9-a275-8767a272094e
**Canonical:** https://hotfix.jobs/jobs/675ca948-bd5b-42a9-a275-8767a272094e