Network Security Software Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Take ownership of the architecture, implementation, and ongoing enhancement of Lumin’s network security program across cloud, SD-WAN, and ZTNA layers—creating identity-aware, policy-driven controls that protect both human and machine (agent) identities.

• Design and implement fully automated, end-to-end network security change management pipelines that remove manual processes, increase change velocity, and ensure audit-ready evidence at every stage.

• Develop and manage real-time network telemetry, monitoring, and alerting systems that offer comprehensive visibility into network activities—integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a cohesive, automated network defense strategy.

• Create and maintain production-grade tools and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—utilizing modern backend programming languages (with a strong preference for Python) and infrastructure-as-code practices.

• Oversee and refine network-layer detection capabilities—including IDS/IPS signatures, firewall rules, and WAF configurations—to ensure high-fidelity signals for SOC utilization.

• Work at the forefront of AI-assisted development: draft detailed engineering specifications, guide AI coding agents (e.g., Claude Code, Cursor), and assess/validate generated outputs to establish secure, hands-off agentic pipelines that the broader team can learn from.

• Develop and sustain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness integrated from the outset.

• Assist in compliance audit and assessment activities—including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain a precise network diagram inventory documenting topology, segmentation boundaries, and data flows.

• Collaborate with the Security Operations Center, SRE, and IT to ensure seamless integration of network security controls with existing infrastructure pipelines, CI/CD workflows, and incident response processes; engage in security architecture reviews and contribute to runbook development and operational documentation—elevating the network security standard across the engineering organization.

• Perform additional duties as assigned.

⛳️ Requirements

• Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical discipline, or an equivalent combination of education and experience.

• 5+ years of progressive experience in network security engineering, with a proven record of designing, automating, and managing network security controls in cloud-native or hybrid environments.

• Significant hands-on engineering experience: you write production code, create integrations, and deploy tools—not just policies and diagrams.

• Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or comparable tier-one solutions.

• Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) is highly preferred.

• Familiarity with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.

• Extensive expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.

• Practical experience with agentic coding tools and workflows (Claude Code, Cursor, or similar)—or a demonstrated eagerness and ability to adopt them as a primary development approach.

• Strong proficiency in at least one backend programming language (Python strongly preferred; Go or similar considered) with the capability to design and construct production-grade APIs, automation frameworks, and integration platforms.

• Comprehensive understanding of identity-aware network security—designing controls that authenticate and authorize not just users but also services, workloads, and autonomous agents.

• Proven ability to write clear, precise engineering specifications and technical documentation; comfortable working on a distributed, async-first team where written clarity drives results.

• Sound engineering judgment: capable of assessing AI-generated code for accuracy, security implications, and maintainability; able to architect systems for reliability and observability.

• Excellent cross-functional communication skills: able to translate network security requirements into actionable engineering tasks and influence colleagues across Security, SRE, and Platform teams.

🏝️ Benefits

• Medical, dental, and vision insurance

• A 401(k) with company match

• Flexible PTO plus 12 paid holidays

• Paid sick leave

• Paid parental and family leave

• A lifestyle spending account

• Tuition reimbursement

• A cell phone stipend