# Sr. Application Security Engineer
**Company:** [Lumin Digital](https://hotfix.jobs/companies/lumin-digital)
**Location:** Remote
**Salary:** $155K-$175K
**Experience:** 7+ years
**Skills:** AWS, Kubernetes, Java, C#, JavaScript, TypeScript, Python, Swift, Kotlin, OAuth 2.0, OIDC, SAML, JWT, WebAuthn, SAST/DAST/SCA/Penetration Testing Tools
**Posted:** 2026-05-18
> Hands-on technical leader securing a B2B2C SaaS platform across the SDLC with deep expertise in application security, AI-augmented workflows, cloud-native security, and LLM-specific threat mitigation.
## Job Description
## Responsibilities
- Lead security architecture reviews for new and existing applications, embedding secure-by-design principles from initial design through deployment and ongoing operation.
- Develop, enforce, and refine secure coding standards across engineering teams using automated security scans (SAST, DAST, SCA), AI-assisted code review (Claude Code), manual code audits, and secure development training.
- Own the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating signals from static analysis, dynamic testing, software composition analysis, and runtime telemetry to build risk-scoring models.
- Continuously improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-powered features using AI tools (Claude Security) for accelerated threat model generation.
- Develop custom security automation tools and scripts to improve detection and response capabilities, including AI-assisted vulnerability auto-fix workflows and integration of AI-powered security tooling into CI/CD pipelines.
- Own and operate the company's bug bounty program end-to-end: define program strategy, triage and validate submissions, assess severity, and engage with the security research community.
- Manage vulnerability triage and prioritization processes, ensuring assessments align with exploitability, business impact, and compliance requirements.
- Influence product roadmaps by identifying and advocating for security enhancements aligned with regulatory requirements, industry best practices, and AI-integrated application threats.
- Mentor security engineers and developers on secure coding, vulnerability remediation, and AI-augmented security workflows.
- Present security findings, risk assessments, and program metrics to senior leadership, clients, auditors, and regulators.

## Requirements
- 7+ years of progressive experience in application security, software security engineering, or related domain within production SaaS environments.
- Extensive hands-on experience in secure software development, DevSecOps pipeline design, and security testing methodologies (SAST, DAST, SCA, penetration testing).
- Demonstrated experience securing large-scale cloud-native applications, APIs, and microservices architectures.
- Experience leading application security initiatives, defining program strategy, and mentoring engineering teams.
- Regular hands-on use of AI-powered security and development tools (Claude Code, Claude Security, or comparable) as part of daily workflows.
- Experience assessing AI-specific attack surfaces in LLM-integrated applications (prompt injection, context leakage, insecure tool use, model denial-of-service).
- Deep expertise in AWS security, Kubernetes security, and cloud-native application security best practices.
- Strong programming proficiency to review and assess security risks in one or more of: Java, C#, JavaScript/TypeScript, Python, Swift, or Kotlin.
- Expertise in secure authentication and authorization mechanisms (OAuth 2.0, OIDC, SAML, JWT, WebAuthn, Zero Trust).
- Hands-on proficiency with AI-augmented security workflows for vulnerability discovery, remediation, threat modeling, and security automation.
- Strong understanding of OWASP Top 10, OWASP Top 10 for LLM Applications, SANS 25, CVSS/EPSS scoring, and MITRE ATT&CK framework.
- Ability to identify, assess, and mitigate prompt injection vulnerabilities in LLM-integrated applications.
- Experience with secure context window management in AI-powered products.
- Hands-on experience with security automation and scripting (Python, Bash, or equivalent).
- Proficiency in penetration testing methodologies for web applications, APIs, and mobile platforms.
- Strong knowledge of encryption standards, cryptographic best practices, and secrets management.
- Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or related field, or equivalent combination of education and experience.
- Ability to work independently in a remote setting with high performance and accountability.

## Nice-to-Haves
- Preferred certifications: CSSLP, OSCP, GWEB, or GWAPT.
- Experience evaluating security posture of AI providers (API security reviews, data residency assessments, vendor risk questionnaires).
- Familiarity with AI model access controls and secrets hygiene in AI pipelines.
- Experience with SIEM, WAF, and security monitoring tools.
- Familiarity with cloud security controls in AWS (IAM, security groups, KMS, Lambda security, cloud monitoring).
- Strong project management abilities and experience collaborating across product, engineering, and compliance teams.

**Apply:** https://hotfix.jobs/jobs/sr-application-security-engineer-at-lumin-digital-6d9e050f-cdd4-48ca-bd0e-6e39dbb77363
**Canonical:** https://hotfix.jobs/jobs/sr-application-security-engineer-at-lumin-digital-6d9e050f-cdd4-48ca-bd0e-6e39dbb77363