# Network Security Software Engineer

**Company:** [Lumin Digital](https://hotfix.jobs/companies/lumin-digital)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $145k – $175k/yr
**Experience:** 5+ years
**Skills:** Python, Terraform, CloudFormation, Cloudflare, Zscaler, Palo Alto, Firewall Policy Design, Micro-Segmentation, Ztna, Sd-Wan, Ddos Mitigation, Ids/Ips, Waf, CI/CD, Infrastructure As Code
**Posted:** 2026-05-28

> Senior Network Security Software Engineer building automated, identity-aware network security controls and pipelines across cloud, SD-WAN, and ZTNA environments in a fintech setting.

## Job Description

## Essential Functions and Responsibilities

- Own the architecture, implementation, and continuous improvement of network security program across cloud, SD-WAN, and ZTNA layers—designing identity-aware, policy-driven controls that secure both human and machine (agent) identities.
- Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step.
- Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity—integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture.
- Engineer production-grade tooling and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—using modern backend languages (Python strongly preferred) and infrastructure-as-code.
- Manage and tune network-layer detection capabilities—including IDS/IPS signatures, firewall rules, and WAF configuration—to ensure high-fidelity signals for SOC consumption.
- Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines.
- Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one.
- Support compliance audit and assessment activities—including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows.
- Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation.

## Requirements

- Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.
- 5+ years of progressive experience in network security engineering, with demonstrated track record of designing, automating, and operating network security controls in cloud-native or hybrid environments.
- Substantive hands-on engineering experience: write production code, build integrations, and ship tooling.
- Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.
- Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.
- Hands-on experience with agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.
- Strong proficiency in at least one backend language (Python strongly preferred; Go or similar considered) with the ability to design and build production-grade APIs, automation frameworks, and integration platforms.
- Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.
- Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.
- Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.
- Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, Cloudflare certifications, or equivalent.

## Nice-to-Haves

- Experience building real-time telemetry, monitoring, and threat detection pipelines for network traffic.
- Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.
- Experience integrating threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.

## Similar roles

- [Site Security Manager, Industrial Security](https://hotfix.jobs/jobs/686436a3-943c-46f9-be53-95e8fea2778c) - Scale AI - Washington, DC - $148k – $222k/yr
- [Security Engineer](https://hotfix.jobs/jobs/8913deb3-fccc-48ca-84a7-d452d7457cb2) - Figma - Remote - $149k – $350k/yr
- [Cloud Security Engineer](https://hotfix.jobs/jobs/543dd116-127a-4348-a38f-4a5c025af160) - Virta Health - Remote - $149k – $188k/yr
- [Software Engineer, Identity](https://hotfix.jobs/jobs/95795ec8-bfd1-44c8-a7a1-b16c9be3d31b) - Mercor - San Francisco, CA - $150k – $325k/yr
- [IT Security Operations Engineer](https://hotfix.jobs/jobs/ab8df8f3-05c1-4b41-a516-c95445575498) - AKASA - San Francisco, CA - $150k – $190k/yr

**Apply:** https://hotfix.jobs/jobs/aeb14ef3-c836-4870-8331-49f2649d4470
**Canonical:** https://hotfix.jobs/jobs/aeb14ef3-c836-4870-8331-49f2649d4470