The Role:
Monarch is seeking a Senior Application Security Engineer to join our Security Engineering team during a period of rapid growth. Reporting to the Head of Engineering Infrastructure, you will be a hands-on practitioner embedded across our product and engineering teams - conducting application security reviews, executing on vulnerability management, and applying and improving our AppSec and AI security practices as Monarch scales.
As a key contributor on the Foundations security team, you'll work directly with product engineers to identify and close security gaps, perform and improve SAST/DAST operations, and apply AI security review processes across Monarch's growing LLM-integrated and agentic product surface. This role is critical in ensuring our application layer remains secure and resilient as we handle increasingly sensitive financial data for over a million users.
What You'll Do:
- Conduct application security reviews - threat modeling, code review, and risk assessment - for new features and major product changes across Monarch's Django/Python stack
- Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines
- Work through the vulnerability backlog with urgency - maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads
- Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces
- Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces - covering prompt injection, data leakage, model abuse, and supply chain risk
- Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems.
- Participate in the weekly security on-call rotation
What You'll Bring:
- 5+ years in security engineering with demonstrated depth in Application and AI security - threat modeling, SAST/DAST, secure code review, and vulnerability management
- Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)
- Hands-on experience with application security tooling - Semgrep, Burp Suite, Nuclei, or equivalents
- Familiarity with AI/ML security risks - prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk
- Transformative AI fluency - actively uses AI tools to accelerate security work and build automation
Nice to Haves:
- Experience in fintech or with financial data security requirements
- Familiarity with SOC 2, NIST CSF, or similar compliance frameworks
- Cloud security experience (AWS preferred) - IAM, container security, ECS/EKS
- Relevant certifications: OSCP, BSCP, CSSLP, CISSP, or equivalent
- Detection engineering and incident response experience
- Additional offensive security experience - red teaming, bug bounty, or broader penetration testing beyond web/API surfaces
Typical Process:
- Recruiter Video Call
- Hiring Manager Video Call
- Take Home Assignment
- Virtual "Onsite" Round (2-4 interviews)
- Reference Checks
- Offer!
Benefits:
- Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that's out of your home, a co-working space, or elsewhere.
- Competitive cash and equity compensation in a hyper-growth, early-stage company.
- Stipend to set up your ideal working environment.
- Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
- Unlimited PTO.
- 3 day weekend every month! We take off the "First Friday" every month to focus on rest, recuperation, or just having fun!