Sr. Application Security Engineer

About this role

Basic Function

The Senior Application Security Engineer is a hands-on technical leader responsible for securing Lumin Digital’s B2B2C SaaS platform across the full software development lifecycle. This role exists at the intersection of application security and AI-augmented engineering: the ideal candidate actively uses AI-powered tools such as Claude Code and Claude Security in their daily workflow to find vulnerabilities faster, automate remediation, and scale security coverage beyond what traditional approaches allow. As AI rapidly transforms how code is written, reviewed, and deployed, this engineer will lead the effort to secure AI-integrated applications, harden CI/CD pipelines, and establish governance for responsible AI adoption across product and engineering teams. Success in this role requires deep technical fluency, a bias toward building and doing over advising, and the ability to operate independently in a fast-moving, remote-first environment.

Essential Functions and Responsibilities:

• Lead security architecture reviews for new and existing applications, ensuring secure-by-design principles are embedded from initial design through deployment and ongoing operation.
• Develop, enforce, and continuously refine secure coding standards across engineering teams through a combination of automated security scans (SAST, DAST, SCA), AI-assisted code review using tools such as Claude Code, periodic manual code audits, and targeted secure development training.
• Own the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating signals from static analysis, dynamic testing, software composition analysis, and runtime telemetry to build risk-scoring models that balance exploitability, data sensitivity, and business impact.
• Continuously improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-powered features, leveraging to...