Risk Automation Engineer

Risk Automation Engineer

About

Lumin Digital is seeking a Risk Automation Engineer to revolutionize risk management in a cloud-native, infrastructure-as-code environment. We aim to move beyond traditional GRC processes by designing, building, and operating secure, agentic automation pipelines for end-to-end risk and vendor lifecycle management. The goal is near real-time risk posture visibility, self-service processes, and freeing up the Risk Management team for strategic decision-making.

Responsibilities

• Architect and build lights-off automation pipelines for the full risk assessment lifecycle (intake, scoping, evidence collection, control testing, findings, remediation tracking) using AI-driven agentic workflows.
• Design and implement automated vendor risk lifecycle management, including onboarding, reassessment triggers, continuous monitoring, and offboarding workflows.
• Build and maintain near-real-time risk posture dashboards and reporting pipelines by aggregating data from cloud infrastructure, security tooling, and GRC platforms.
• Develop secure agentic AI pipelines to autonomously triage, classify, and route risk-related tasks, escalating to humans only when necessary.
• Engineer integrations between GRC platforms, cloud/vendor APIs, CI/CD pipelines, and internal systems for continuous control monitoring and evidence collection.
• Codify risk management processes into self-service, event-driven workflows to eliminate procedural ambiguity.
• Apply security-first engineering practices to all automation, including secrets management, least-privilege access, and audit logging.
• Serve as an internal force multiplier by evangelizing AI-assisted engineering practices like prompt engineering and LLM-powered code generation.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or equivalent combination of education and experience.
• 5+ years of hands-on software engineering, DevOps, or security automation experience in production environments.
• 2+ years working in or directly supporting risk management functions or GRC operations.
• Demonstrated experience building and shipping automation pipelines using Python, Go, Bash, or similar languages, with infrastructure-as-code tools like Terraform.
• Track record of using AI/LLM tools (e.g., Claude Code, GitHub Copilot) to accelerate engineering output and build agentic workflows.
• Experience with risk registers and GRC platforms (e.g., Archer, ServiceNow, Vanta) and programmatic integration.
• Working understanding of risk management frameworks (NIST CSF, PCI DSS, ISO 27001, SOC 2, FFIEC).
• Proficiency with AI-assisted development tools and the ability to design and orchestrate AI agents for security automation.
• Strong proficiency in Python, Go, or TypeScript.
• Deep working knowledge of cloud platforms (AWS preferred), including IAM, Lambda, Step Functions, EventBridge, API Gateway.
• Strong software engineering fundamentals: version control (Git), code review, testing, CI/CD, API design.
• Strong systems-thinking mindset.
• Familiarity with security data engineering concepts.
• Excellent written and verbal communication skills.
• Self-directed engineering mindset with a bias toward action.