[Remote] Senior Application Security Engineer
Note: The job is a remote job and is open to candidates in USA. Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. They are seeking a Senior Application Security Engineer to join their Security Engineering team, where the role involves conducting application security reviews and improving security practices as the company scales.
Responsibilities
- Conduct application security reviews — threat modeling, code review, and risk assessment — for new features and major product changes across Monarch's Django/Python stack
- Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines
- Work through the vulnerability backlog with urgency — maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads
- Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces
- Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces — covering prompt injection, data leakage, model abuse, and supply chain risk
- Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems
- Participate in the weekly security on-call rotation
Skills
- 5+ years in security engineering with demonstrated depth in Application and AI security — threat modeling, SAST/DAST, secure code review, and vulnerability management
- Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)
- Hands-on experience with application security tooling — Semgrep, Burp Suite, Nuclei, or equivalents
- Familiarity with AI/ML security risks — prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk
- Transformative AI fluency — actively uses AI tools to accelerate security work and build automation
- Experience in fintech or with financial data security requirements
- Familiarity with SOC 2, NIST CSF, or similar compliance frameworks
- Cloud security experience (AWS preferred) — IAM, container security, ECS/EKS
- Relevant certifications: OSCP, BSCP, CSSLP, CISSP, or equivalent
- Detection engineering and incident response experience
- Additional offensive security experience — red teaming, bug bounty, or broader penetration testing beyond web/API surfaces
Benefits
- Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive, whether that’s out of your home, a co-working space, or elsewhere.
- Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
- Stipend to set up your ideal working environment.
- Competitive benefit plans for employees based on your location (e.g. in the US we offer medical, dental and vision benefits and the ability to contribute to a 401k plan).
- Unlimited PTO.
- 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!
Company Overview