Senior Application Security Engineer


Monarch Money

1 - 10 employees

Founded 2016

💸 Finance

💳 Fintech

👥 B2C


Monarch Money is an all-in-one money management platform designed to help users achieve financial clarity, confidence, and peace of mind. The platform allows users to track all their account balances, transactions, and investments in one place, and collaborate with partners or financial advisors at no extra cost. Monarch offers best-in-class data connectivity, syncing with multiple financial data aggregators to ensure all accounts are updated. It features advanced tools for budgeting, investment tracking, and financial goal management, utilizing AI for transaction organization. Available on web, iOS, and Android, Monarch emphasizes security, providing bank-level data protection. The platform is ad-free, focusing on enhancing users' financial life without distractions, and is highly rated for its user-friendly interface and comprehensive functionality, making it an ideal choice for personal finance management.

📋 Description

• Conduct application security reviews — threat modeling, code review, and risk assessment — for new features and major product changes across Monarch's Django/Python stack
• Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines
• Work through the vulnerability backlog with urgency — maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads
• Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces
• Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces — covering prompt injection, data leakage, model abuse, and supply chain risk
• Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems.
• Participate in the weekly security on-call rotation

🎯 Requirements

• 5+ years in security engineering with demonstrated depth in Application and AI security — threat modeling, SAST/DAST, secure code review, and vulnerability management
• Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)
• Hands-on experience with application security tooling — Semgrep, Burp Suite, Nuclei, or equivalents
• Familiarity with AI/ML security risks — prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk
• Transformative AI fluency — actively uses AI tools to accelerate security work and build automation.

🏖️ Benefits

• Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
• Competitive cash and equity compensation in a hyper-growth, early-stage company 🚀.
• Stipend to set up your ideal working environment.
• Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
• Unlimited PTO.
• 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!
