Lumin Digital - Application Security Engineer
Responsibilities
• Maintain and optimize automated vulnerability scanning systems (SAST/DAST), ensuring comprehensive application security assessments.
• Own the design, implementation, and evolution of ASPM capabilities, integrating signals from SAST, DAST, SCA to manage runtime and production telemetry and define risk scoring models that balance exploitability, data sensitivity, and business impact.
• Own and operate the company’s bug bounty program end-to-end, including program strategy, scope definition, and maturity evolution, triage, validation, and severity assessment of submissions and engagement with external security researchers.
• Coordinate and manage third-party penetration tests, bug bounty programs, and vulnerability assessments, responding effectively to findings.
• Collaborate cross-functionally to perform architectural and code reviews, delivering actionable recommendations for enhanced application security.
• Develop and maintain application threat models to inform proactive risk management and security posture improvements.
• Assist internal teams in vulnerability remediation using industry-standard tools (e.g., Veracode, Qualys, Rapid7, Burp).
• Support incident response activities, enabling rapid identification, containment, and resolution of application security incidents.
• Stay current on emerging security threats, vulnerabilities, and industry best practices, translating insights into practical guidance.
• Provide security expertise in risk management, compliance audits, and client communications to enhance the overall security posture.