Senior Application Security Engineer

About the role

Monarch Money · Remote

About Us:

Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we've become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.

We are a team of doers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We're hyper-focused on building a product people love, and on finding every edge that helps us do that better. AI is core to how we operate: every person on the team uses it as a partner to sharpen judgment, move faster, and expand what's possible. We're not looking for tool mastery; we're looking for fluency and curiosity. What matters is that AI is part of how you work today and that you're actively raising your own bar on how to use it well.

As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.

Join us on our mission to transform lives by simplifying money, together.

The Role:

Monarch is seeking a Senior Application Security Engineer to join our Security Engineering team during a period of rapid growth. Reporting to the Head of Engineering Infrastructure, you will be a hands-on practitioner embedded across our product and engineering teams — conducting application security reviews, executing on vulnerability management, and applying and improving our AppSec and AI security practices as Monarch scales.

As a key contributor on the Foundations security team, you'll work directly with product engineers to identify and close security gaps, perform and improve SAST/DAST operations, and apply AI security review processes across Monarch's growing LLM-integrated and agentic product surface. This role is critical in ensuring our application layer remains secure and resilient as we handle increasingly sensitive financial data for over a million users.

What You'll Do:

  • Conduct application security reviews — threat modeling, code review, and risk assessment — for new features and major product changes across Monarch's Django/Python stack

  • Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines

  • Work through the vulnerability backlog with urgency — maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads

  • Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces

  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces — covering prompt injection, data leakage, model abuse, and supply chain risk

  • Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems.

  • Participate in the weekly security on-call rotation

What You'll Bring:

  1. 5+ years in security engineering with demonstrated depth in Application and AI security — threat modeling, SAST/DAST, secure code review, and vulnerability management

  2. Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)

  3. Hands-on experience with application security tooling — Semgrep, Burp Suite, Nuclei, or equivalents

  4. Familiarity with AI/ML security risks — prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk

  5. Transformative AI fluency — actively uses AI tools to accelerate security work and build automation

Nice to Haves:

  • Experience in fintech or with financial data security requirements

  • Familiarity with SOC 2, NIST CSF, or similar compliance frameworks

  • Cloud security experience (AWS preferred) — IAM, container security, ECS/EKS

  • Relevant certifications: OSCP, BSCP, CSSLP, CISSP, or equivalent

  • Detection engineering and incident response experience

  • Additional offensive security experience — red teaming, bug bounty, or broader penetration testing beyond web/API surfaces

Typical Process:

  1. Recruiter Video Call

  2. Hiring Manager Video Call

  3. Take Home Assignment

  4. Virtual "Onsite" Round (2–4 interviews)

  5. Reference Checks

  6. Offer!

Benefits:

  • Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive, whether that’s out of your home, a co-working space, or elsewhere.

  • Competitive cash and equity compensation in a hyper-growth, early-stage company 🚀.

  • Stipend to set up your ideal working environment.

  • Competitive benefit plans for employees based on your location (e.g., in the US we offer medical, dental, and vision benefits and the ability to contribute to a 401k plan).

  • Unlimited PTO.

  • 3-day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

Equal Opportunity & Non-Discrimination

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, sex (including pregnancy and gender identity), sexual orientation, age, marital status, veteran status, disability status, or genetic information.

Applicant Notices

California & San Francisco: Pursuant to the California Fair Chance Act and the San Francisco Fair Chance Ordinance, qualified applicants with arrest and conviction records will be considered for employment. We comply with all applicable fair chance hiring laws.
