Security Engineer - Tech Lead

About Luma AI :

Luma's mission is to build multimodal AI to expand human imagination and capabilities. We believe that multimodality is critical for intelligence. To go beyond language models and build more aware, capable, and useful systems, the next step for function change will come from vision. So we are working on training and scaling up multimodal foundation models for systems that can see and understand, show and explain, and eventually interact with our world to effect change.

The Role / Where You Come In :

This is a rare opportunity to build the security function from the ground up at a leading generative AI company. You will be the foundational member of our dedicated security team, with a mission to define and drive the security posture of our products, services, and generative systems. This is a critical, leadership-track role that blends deep, hands‑on engineering with the strategic ownership required to achieve key compliance milestones and unblock our enterprise ambitions.

What You'll Do :

• Own Product & Application Security : Define and drive Luma’s approach to secure product development from design reviews to automated scanning to runtime protections.
• Secure GenAI Systems : Analyze and secure the full lifecycle of generative models (image, video, multimodal), including data ingestion, model inference, and API surface.
• Lead Threat Modeling & Security Architecture Reviews : Run deep security reviews on new features, architectures, and model capabilities, with a focus on abuse prevention, data leakage, and content safety.
• Build Security Infrastructure : Stand up tools and systems for static analysis, dependency scanning, secrets detection, and CI / CD hardening with a heavy focus on automation.
• Drive Compliance Readiness : Lead the technical and procedural efforts to get Luma through critical security certifications, including SOC 2, ISO 27001, HIPAA, and FedRamp.
• Architect and Implement Identity & Access Management (IAM) : Design and deploy a robust IAM framework to govern access to critical systems and data, addressing current organizational challenges.
• Define Misuse & Abuse Guardrails : Partner with ML and product teams to mitigate prompt injection, jailbreaks, adversarial inputs, and misuse of generative outputs.
• Lead Security Incident Detection & Response Management : Lead investigations and forensics for security incidents, vulnerabilities, or model abuse cases.
• Build the Function : Establish best practices, influence an org‑wide security culture, and help hire and grow a high‑caliber security team as the company scales.

What We're Looking For / Who You Are :

What Sets You Apart (Bonus Points) :

#J-18808-Ljbffr