Security Engineer

LumApps is an AI-powered Employee Hub supporting companies in digital transformation of communication, collaboration, and engagement. It is a leader in the intranet market, deployed by Fortune 500 clients, and partnered with Beekeeper to expand frontline employee experience solutions. LumApps has over 600 employees across 11 offices worldwide and is undergoing a transformation to become a market leader.

• 3+ years of professional experience in application/cloud security.
• Ability to analyze WAF traffic and cloud telemetry (e.g., GuardDuty, Sysdig) to identify attack patterns, eliminate false positives, and tune tooling.
• Hands-on experience applying and auditing/remediating security best practices in AWS, GCP, Kubernetes, and containerized infrastructure.
• Strong understanding of application and API security principles (e.g., OWASP Top 10, OWASP API Top 10).
• Practical experience with source code analysis and ability to read and understand Python and/or Java.
• Hands-on experience with security monitoring tools including SAST, DAST, and SCA and integrating them within CI/CD pipelines.
• Solid understanding of data security, encryption techniques, and secure data handling.
• Working knowledge of network protocols (TCP/IP, DNS) and security concepts (WAFs, IDS).

Security Operations & Tooling:

• Maintain and monitor automated DAST, SAST, and SCA setups.
• Triage findings and work with engineering teams to ensure timely resolution of vulnerabilities.

Incident Response:

• Participate in the coordination and tracking of security incidents and tickets to ensure resolution within SLAs.

SDLC Contribution:

• Collaborate with developers to promote secure coding practices and API security within the Software Development Lifecycle.
• Review third-party components for vulnerabilities using SCA tools.

Testing & Assessments:

• Assist in managing recurring security review processes, including internal penetration testing and risk assessments.

AI Security:

• Apply security best practices to the organization's usage of AI and LLM systems, supporting the broader strategy developed by senior leadership.

Knowledge Sharing:

• Support security awareness training and participate in internal knowledge-sharing sessions.