Job Description
Basic Function
Lumin Digital is standing up a dedicated Network Security function within its Risk Engineering group to protect a growing product suite that handles sensitive financial data across multiple product lines. This role exists because the landscape has shifted: in a cloud-native, infrastructure-as-code environment, network security is no longer about managing router ACLs—it is about designing identity-aware policy enforcement, automating end-to-end change management, and building real-time visibility into network activity across both workforce and hosted contexts.
As the Manager, Network Security, you will set the technical direction, own the program, and ensure that the network security function operates as a genuine force multiplier for the business—breaking it out of the existing Security Engineering and SOC functions and building the specialization from the ground up. You will lead a team of engineers who combine deep network security expertise with hands-on software development skills, building automated, lights-off pipelines—using agentic development practices and tools like Claude Code—that turn around security changes faster, go deeper than port and protocol in our defense-in-depth story, and extend coverage to the agents our teams create, not just the people who create them.
We are looking for a leader who will teach us what great network security looks like in a modern, highly automated fintech environment.
Essential Functions and Responsibilities:
Build, lead, and mentor a team of senior Network Security Software Engineers — owning the hiring process, setting role expectations, and onboarding engineers into a newly established function.
Define and continuously mature the network security program — establishing policies, standards, runbooks, and roadmaps across cloud infrastructure, corporate IT, and third-party connectivity; own network segmentation strategy across product and environment boundaries.
Serve as the primary escalation point for architectural decisions and cross-functional scope disputes — maintaining clear lines of authority as the function establishes itself within the broader engineering organization.
Partner with the Director of Risk Engineering to communicate program status, risk posture, and investment needs; contribute to security strategy reporting to senior leadership.
Own Lumin’s network security architecture strategy and change management model across cloud, SD-WAN, and ZTNA layers — designing identity-aware, policy-driven controls that secure both human and machine (agent) identities, and setting the standard for fully automated, audit-ready change delivery.
Serve as the program-level authority for the team’s network security tooling and automation initiatives — writing, reviewing, and iterating on engineering specifications that drive AI-assisted coding workflows; validating software outputs for correctness and security soundness, applying hands-on expertise that engineering tools alone cannot provide.
Own the strategy for network-layer detection and response — including IDS/IPS management, firewall rule governance, WAF configuration, DDoS mitigation, and real-time telemetry — ensuring the SOC has high-fidelity, actionable network security signals.
Serve as the network security subject matter expert for compliance audit and assessment activities; own network risk assessments, penetration test scoping, remediation tracking, and network diagram inventory across cloud and corporate environments.
Embed network security requirements into SOC, SRE, and IT/Corporate Engineering workflows; manage third-party and vendor network connectivity to ensure all external connectivity meets security policy and compliance standards.
Perform other duties as assigned.
Physical Demands:
While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear.
Specific vision abilities required by this job include close vision.
Ability to occasionally lift/move up to 25 pounds.
Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.
Supervisory Responsibility:
- Directly manages a team of Network Security Software Engineers.
Position Specifications
Education:
Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.
Preferred certifications: CCNP Security, PCNSE (Palo Alto), AWS Solutions Architect, AWS Certified Security, Cloudflare certifications, or equivalent. Relevant certifications are valued but not required if depth of hands-on experience is demonstrated.
Experience:
7+ years of progressive experience in network security, with at least 2 years in a lead or management capacity, in a cloud-native or hybrid environment.
Demonstrated track record of building or maturing a network security program — including policy development, tooling evaluation, team building, and cross-functional stakeholder management.
Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.
Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.
Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.
Experience with leading teams that leverage agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.
Knowledge, Skills, & Abilities:
Required:
Demonstrated ability to lead, develop, and hold accountable a technical engineering team — setting expectations, managing performance, and building a high-trust team culture.
Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.
Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.
Demonstrated ability to write clear, precise engineering specifications and technical documentation that can drive AI-assisted development workflows; comfortable operating on a distributed, async-first team where written clarity drives outcomes.
Sound engineering judgment: able to evaluate software outputs for correctness, security implications, and maintainability; able to architect systems for reliability and observability.
Strong cross-functional communication skills: able to translate network security requirements into actionable engineering work and influence peers across Security, SRE, and Platform teams.
Proven ability to lead through ambiguity — comfortable inheriting an incomplete program, building structure around it, and navigating organizational transitions.
Preferred:
Experience building or overseeing real-time telemetry, monitoring, and threat detection pipelines for network traffic.
Familiarity with agent-to-agent authentication, service mesh architectures, and securing AI/ML workload communications.
Experience building or overseeing the integration of threat intelligence feeds and automating indicator-of-compromise enrichment into network defense workflows.
Scripting ability (Python, Bash) for automation of network security tasks and log analysis.
Travel:
- Minimal, generally 12 days or less per year (~2 team get-togethers per year).
$180,000 - $200,000 a year
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law.
For more information, visit lumindigital.com.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
