What are the responsibilities and job description for the Security Engineer - Tech Lead position at Luma AI?
About Luma AI
Luma's mission is to build multimodal AI to expand human imagination and capabilities. We believe that multimodality is critical for intelligence. To go beyond language models and build more aware, capable, and useful systems, the next step function change will come from vision. So we are working on training and scaling up multimodal foundation models for systems that can see and understand, show and explain, and eventually interact with our world to effect change.
The Role / Where You Come In
This is a rare opportunity to build the security function from the ground up at a leading generative AI company. You will be the foundational member of our dedicated security team, with a mission to define and drive the security posture of our products, services, and generative systems. This is a critical, leadership-track role that blends deep, hands-on engineering with the strategic ownership required to achieve key compliance milestones and unblock our enterprise ambitions.
What You'll Do
- Own Product & Application Security: Define and drive Luma’s approach to secure product development from design reviews to automated scanning to runtime protections.
- Secure GenAI Systems: Analyze and secure the full lifecycle of generative models (image, video, multimodal), including data ingestion, model inference, and API surface.
- Lead Threat Modeling & Security Architecture Reviews: Run deep security reviews on new features, architectures, and model capabilities, with a focus on abuse prevention, data leakage, and content safety.
- Build Security Infrastructure: Stand up tools and systems for static analysis, dependency scanning, secrets detection, and CI/CD hardening with a heavy focus on automation.
- Drive Compliance Readiness: Lead the technical and procedural efforts to get Luma through critical security certifications, including SOC 2, ISO 27001, HIPAA, and FedRAMP.
- Architect and Implement Identity & Access Management (IAM): Design and deploy a robust IAM framework to govern access to critical systems and data, addressing current organizational challenges.
- Define Misuse & Abuse Guardrails: Partner with ML and product teams to mitigate prompt injection, jailbreaks, adversarial inputs, and misuse of generative outputs.
- Lead Security Incident Detection & Response Management: Lead investigations and forensics for security incidents, vulnerabilities, or model abuse cases.
- Build the Function: Establish best practices, influence an org-wide security culture, and help hire and grow a high-caliber security team as the company scales.
- 10 years of deep experience in security engineering, with a heavy focus on product and application security.
- A successful and verifiable track record of personally leading a company through security certifications, such as SOC 2, ISO 27001, HIPAA, and FedRAMP.
- Proven ability to operate as a hands-on builder and technical leader in a fast-moving startup environment.
- Strong understanding of generative AI systems or high-complexity ML applications and their related risks (e.g., prompt injection, data leakage).
- Proficiency in secure development in at least one of our core languages (Python, Go, or C++).
- Experience securing systems, networks, and cloud-native environments (e.g., AWS, GCP) and infrastructure (e.g., Docker/Kubernetes).
- Deep experience with threat modeling, secure design, modern application security tooling (SAST, DAST, IaC scanning), and a strong focus on automation.
- Excellent communication skills and experience successfully leading cross-functional teams to drive security initiatives.
- You hold relevant industry certifications such as CISSP, CISM, CISA, or OSCP.
- You have been the first security hire or a founding security engineer at a high-growth startup.
- Experience with red teaming, adversarial ML, or AI safety frameworks.