Senior Software Engineer, Security Platform

We’re looking for a Senior Software Engineer to help lead the design and development of our Security Platform—the foundation that enables secure and scalable identity governance at Lumos. In this role, you’ll build and evolve core security systems that protect customer data, enable enterprise trust, and empower product teams to move fast with confidence.

You’ll work across engineering, product, and platform teams to design secure-by-default primitives such as authentication and authorization flows, secrets management, privileged access controls, encryption systems, audit logging, and security monitoring pipelines. Your work will shape how both internal teams and enterprise customers experience security—embedded seamlessly, operating reliably, and built with care.

We’re a startup that values ownership, curiosity, and trust—and we’re looking for engineers who thrive on building foundational security systems that others build upon.

✨ Your Responsibilities

• Contribute meaningfully to the Lumos code base. Some prior projects include:
  • Designing a secure proxy service for brokering customer integration credentials
  • Building a SCIM server so Lumos can respond immediately to user and group updates in a customer’s Identity Provider.
  • Implementing the OAuth 2.0 Device Authorization Grant flow to authenticate the Lumos CLI
• Partner with Engineering to incorporate Secure by Design principals throughout every portion of the Secure Software Development Lifecycle (SSDLC)
• Contribute to complex prioritization discussions around which risks are the most important to solve next
• Plan projects to address the risks we prioritize and coordinate with cross-functional stakeholders across the company to execute those projects
• Extend our detection and response capabilities by building solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
• Identify and remediate vulnerabilities within the Lumos code base
• Assist with control enforcement and policy creation in alignment with our compliance obligations (SOC 2 Type II, ISO 27001)
• Support ongoing penetration testing programs
• Participate in security related incident response

🙌 What We Value

• 3+ years of experience as a Security Engineer or Software Engineer with a focus on Security
• Experience designing and implementing security solutions for applications and distributed systems
  • For example, authentication flows and authorization frameworks, secrets management
• Strong backend development skills (Python and TypeScript knowledge is a strong plus)
• Experience with threat modeling, red teaming, penetration testing, or other means of identifying security issues
• Experience in AWS platforms and services (we will also consider equivalent experience in Azure and GCP)
• Experience securely developing and applying Infrastructure as Code solutions
• Experience at growth-stage startups is a strong plus
• Familiarity with compliance frameworks such as SOC 2 Type 2 and ISO 27001 is a plus
• Familiarity with IGA and IAM is a strong plus
• Strong product thinking and a thoughtful approach to developer experience—balancing flexibility, safety, and simplicity in platform design
• A collaborative mindset and the ability to partner across product, engineering, and design to deliver impactful platform features

💰 Pay Range

• $170,000 - $200,000 Note that this range is a good faith estimate of likely pay for this role; upon hire, the pay may differ due to skill and/or level of experience.