• Own Product & Application Security: Define and drive Luma’s approach to secure product development from design reviews to automated scanning to runtime protections.
• Secure GenAI Systems: Analyze and secure the full lifecycle of generative models (image, video, multimodal), including data ingestion, model inference, and API surface.
• Lead Threat Modeling & Security Architecture Reviews: Run deep security reviews on new features, architectures, and model capabilities, with a focus on abuse prevention, data leakage, and content safety.
• Build Security Infrastructure: Stand up tools and systems for static analysis, dependency scanning, secrets detection, and CI/CD hardening with a heavy focus on automation.
• Drive Compliance Readiness: Lead the technical and procedural efforts to get Luma through critical security certifications, including SOC 2, ISO 27001, HIPAA, and FedRamp.
• Architect and Implement Identity & Access Management (IAM): Design and deploy a robust IAM framework to govern access to critical systems and data, addressing current organizational challenges.
• Define Misuse & Abuse Guardrails: Partner with ML and product teams to mitigate prompt injection, jailbreaks, adversarial inputs, and misuse of generative outputs.
• Lead Security Incident Detection & Response Management: Lead investigations and forensics for security incidents, vulnerabilities, or model abuse cases.
• Build the Function: Establish best practices, influence an org-wide security culture, and help hire and grow a high-caliber security team as the company scales.

• 10+ years of deep experience in security engineering, with a heavy focus on product and application security.
• A successful and verifiable track record of personally leading a company through security certifications, such as SOC 2, ISO 27001, HIPAA, and FedRamp
• Proven ability to operate as a hands-on builder and technical leader in a fast-moving startup environment.
• Strong understanding of generative AI systems or high-complexity ML applications and their related risks (e.g., prompt injection, data leakage).
• Proficiency in secure development in at least one of our core languages (Python, Go, or C++).
• Experience securing systems, networks, and cloud-native environments (e.g., AWS, GCP) and infrastructure (e.g., Docker/Kubernetes).
• Deep experience with threat modeling, secure design, modern application security tooling (SAST, DAST, IaC scanning), and a strong focus on automation.
• Excellent communication skills and experience successfully leading cross-functional teams to drive security initiatives.

• You hold relevant industry certifications such as CISSP, CISM, CISA, or OSCP.
• You have been the first security hire or a founding security engineer at a high-growth startup.
• Experience with red teaming, adversarial ML, or AI safety frameworks.

Compensation