Joe Luen
@joeluen
Security architect and AppSec/DevSecOps program founder delivering risk-driven architectures and executive-ready visibility.
What I'm looking for
I’m a security architecture leader who builds programs, not just runs them. My approach is deliberate: evaluate business needs first, assess risk in business terms, and bring teams along rather than issuing mandates.
Over twelve years, I’ve spanned federal software engineering, global enterprise security program founding, and internal consulting across hundreds of teams simultaneously. I founded an AppSec program from nothing and scaled security ownership to 4,000+ developers, driving a 15% developer vulnerability reduction in year one.
I now lead security architecture and AppSec/DevSecOps across global enterprise engagements, producing threat models, architecture decision records, gap analyses, trust boundary maps, and remediation roadmaps. I’ve authored reference architectures adopted org-wide, built KPI/KRI analytics platforms (including a solo 3-week build), and use CISO/CTO executive reporting to drive investment decisions, restructuring, and risk-based prioritization—grounded by a background in securities analysis, financial auditing, and regulated environments.
Experience
Work history, roles, and key accomplishments
Principal Security Architect
Yum! Brands
Apr 2025 - Present (1 year 2 months)
Delivered enterprise security architecture reviews across cloud, engineering, networking, and SOC/SIEM stakeholders, producing threat models, ADRs, gap analyses, and remediation roadmaps. Drove measurable outcomes including 50% faster project delivery and 40%+ reduction in critical risk through CISO/CTO reporting and reusable reference patterns.
Principal DevSecOps Engineer
Yum! Brands
Jun 2022 - Apr 2025 (2 years 10 months)
Founded and institutionalized an enterprise AppSec/DevSecOps program, scaling developer security ownership to 4,000+ engineers and reducing developer vulnerabilities by 15% in year one. Built an org-wide vulnerability aggregation platform (Snyk + CloudGuard), delivering 40%+ reduction in critical risk and 30% faster remediation across 10+ GitLab CI/CD pipelines.
Rebuilt legacy financial APIs into a modern secure architecture using bearer token authentication, Docker/Kubernetes, AWS S3 integration, and encryption with key rotation, improving both performance and security by 25%. Developed a public-facing C# and React application for Tennessee COVID-19 hardship assistance and migrated complex tables to PostgreSQL under time pressure.
Built an automated FAA aeronautical chart production pipeline from AutoCAD source, generating flight paths, trajectories, and runway diagrams while reducing chart draw time by 80%+. Implemented a Jenkins CI/CD pipeline that enabled the team to ship 25% more features within the same timeframe.
Designed and built a secure credential management platform in MVC/.NET/Angular 4 to replace ungoverned password storage across multiple teams, improving security posture across the enterprise environment. Enhanced HRSA.gov in C# with ASP.NET and automated operational reporting, eliminating 500+ hours of annual manual effort.
Software Developer
Insystech
Jan 2016 - Jan 2018 (2 years)
Developed JavaScript and Java web applications for government clients using AWS, supporting production delivery across multiple government engagements.
Education
Degrees, certifications, and relevant coursework
Towson University
Bachelor of Science, Finance
Earned a Bachelor of Science in Finance from Towson University.
