Senior Software Engineer - Security Platform

Employment Type: Full-time

Position Overview

Lumos is building an enterprise-grade AppStore that simplifies app and access management for organizations. Our platform aims to untangle the complex web of app and access management by creating critical infrastructure that defines relationships between apps, identities, and data. We are seeking a Senior Software Engineer to lead the design and development of our Security Platform. This role is crucial for enabling secure and scalable identity governance at Lumos, building and evolving core security systems that protect customer data, foster enterprise trust, and empower product teams. You will collaborate across engineering, product, and platform teams to design secure-by-default primitives including authentication and authorization flows, secrets management, privileged access controls, encryption systems, audit logging, and security monitoring pipelines. Your work will directly influence how both internal teams and enterprise customers experience security, ensuring it is seamless, reliable, and built with care.

Responsibilities

• Contribute meaningfully to the Lumos code base, with past projects including:
  • Designing a secure proxy service for brokering customer integration credentials.
  • Building a SCIM server for immediate response to user and group updates in a customer’s Identity Provider.
  • Implementing the OAuth 2.0 Device Authorization Grant flow for Lumos CLI authentication.
• Partner with Engineering to integrate Secure by Design principles throughout the Secure Software Development Lifecycle (SSDLC).
• Contribute to prioritization discussions regarding critical security risks.
• Plan and execute projects to address prioritized risks, coordinating with cross-functional stakeholders.
• Enhance detection and response capabilities by building solutions for identifying malicious activity, triaging alerts, and investigating/remediating incidents.
• Identify and remediate vulnerabilities within the Lumos codebase.
• Assist with control enforcement and policy creation in alignment with compliance obligations (SOC 2 Type II, ISO 27001).
• Support ongoing penetration testing programs.
• Participate in security-related incident response.

Requirements

• 3+ years of experience as a Security Engineer or Software Engineer with a focus on Security.
• Experience designing and implementing security solutions for applications and distributed systems, such as authentication flows, authorization frameworks, and secrets management.
• Strong backend development skills.
• Python and TypeScript knowledge is a strong plus.
• Experience with threat modeling, red teaming, penetration testing, or other methods for identifying security issues.
• Experience with AWS platforms and services.

Why Lumos?

• Jump on a Rocketship: Experience rapid growth, having scaled from 20 to ~100 people and 10x'ed our customer base in just over 2 years, serving companies like GitHub, MongoDB, and Major League Baseball.
• Build with Renowned Investor Backing: Supported by Andreessen Horowitz (a16z) since inception, with over $65m raised from investors including Scale, Neo, Greg Brockman (President at OpenAI), and Phil Venables (CISO at Google).
• Thrive in a Unique Culture: Join an early-stage company where you can significantly influence the company's trajectory. We prioritize our people and live by our values.

Application Instructions

Please refer to the company's career page for application instructions.

Company Information

Lumos is a fast-growing startup pioneering the way to untangle complex app and access management challenges for organizations of all sizes through a unified platform.