United States onlyBasic Function
Lumin Digital is building a Vulnerability Automation Engineering team that eliminates the traditional vulnerability management ticket queue entirely. As a Vulnerability Automation Engineer, you will design, build, and operate lights-off pipelines that continuously discover assets, assess posture, scan for vulnerabilities, harden configurations, and auto-remediate findings across cloud-native and infrastructure-as-code environments. You will leverage AI-assisted engineering tools, including agentic coding assistants like Claude Code, to build secure, autonomous workflows that replace manual coordination with engineered solutions. This role exists for engineers who teach organizations how to operate, not the other way around. Success means vulnerabilities are resolved before a human ever needs to read about them.
Essential Functions and Responsibilities:
Design and implement end-to-end vulnerability automation pipelines that continuously discover assets, assess configurations, identify vulnerabilities, and execute or orchestrate remediation, without manual ticketing or human-in-the-loop coordination.
Build and maintain agentic AI workflows using tools such as Claude Code and MCP-based integrations to automate security engineering tasks, including code review for vulnerability patterns, configuration drift detection, and patch deployment across cloud-native environments.
Engineer new and enhance existing automated asset discovery and inventory systems that maintain a real-time, authoritative view of all infrastructure, services, and endpoints across environments, including ephemeral and containerized workloads.
Develop and operationalize automated configuration hardening pipelines that enforce security baselines (CIS Benchmarks, internal standards) as code, with drift detection and auto-remediation capabilities.
Create and maintain infrastructure-as-code templates, policy-as-code rules, and automated playbooks that embed security controls directly into deployment pipelines, preventing or resolving vulnerabilities at build time rather than discovering them post-deployment.
Build self-service remediation tooling and agentic support systems that empower development and infrastructure teams to resolve security findings autonomously, reducing cross-team dependencies and accelerating mean time to remediation.
Integrate vulnerability data sources (scanners, SCA tools, cloud-native security services, threat intelligence feeds) into unified automation platforms, normalizing and enriching findings to drive intelligent prioritization and automated response.
Develop metrics, dashboards, and automated reporting that provide real-time visibility into vulnerability posture, remediation velocity, and automation coverage, enabling leadership to measure program effectiveness without manual evidence gathering.
Collaborate with product, engineering, operations, and other risk teams to embed vulnerability automation into CI/CD pipelines, infrastructure provisioning workflows, and operational runbooks.
Perform other duties as assigned.
Physical Demands:
While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear
Specific vision abilities required by this job include close vision
Ability to occasionally lift/move up to 25 pounds
Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.
Supervisory Responsibility:
None.
Position Specifications
Education:
Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field; or equivalent combination of education and demonstrated engineering experience in vulnerability lifecycle management and security automation.
Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: GPYC, GPEN, GXPN, AWS Security Specialty, GCP Professional Cloud Security Engineer, CKS (Certified Kubernetes Security Specialist), or HashiCorp Terraform Associate.
Experience:
5+ years of hands-on experience in security engineering, DevSecOps, vulnerability management, or infrastructure automation, with a strong emphasis on building automated systems rather than operating manual processes.
Demonstrated experience building and shipping automation pipelines in production environments using Python, Go, Bash, or similar languages, with infrastructure-as-code tools such as Terraform.
Proven track record of working in cloud-native environments with deep familiarity in containerized workloads, Kubernetes, serverless architectures, and CI/CD pipeline integration.
Experience with vulnerability scanning and security assessment platforms (e.g., Tenable, Qualys, Wiz, Snyk, Trivy, Grype, or cloud-native equivalents) and the ability to integrate them programmatically into automated workflows.
Knowledge, Skills, & Abilities:
Deep understanding of vulnerability classes (OWASP Top 10, CWE, CVE/CVSS, EPSS) and modern prioritization frameworks that go beyond raw CVSS scores to factor exploitability, asset criticality, and business context.
Proficiency with AI-assisted development tools (Claude Code, GitHub Copilot, or similar agentic coding assistants) and the ability to design, prompt-engineer, and orchestrate AI agents for security automation workflows.
Strong software engineering fundamentals: version control (Git), code review, testing, CI/CD, API design, and the ability to write production-quality, maintainable code—not just scripts.
Hands-on experience with cloud security tooling and APIs (AWS Config, GuardDuty, Inspector, Security Hub), container security.
Familiarity with security data engineering concepts: API and database integration, data normalization, and building automated evidence-collection pipelines for compliance and audit support.
Excellent written and verbal communication skills, with the ability to translate complex automation architectures into clear documentation, runbooks, and knowledge-transfer materials for cross-functional teams.
Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. You see a repeated manual process as a bug, not a task.
Nice to have: Experience with MCP (Model Context Protocol) integrations, building custom AI tool-use pipelines, or contributing to open-source security automation projects.
Travel:
Minimal, generally 12 days or less per year, ~2X team get-togethers a year
