Senior Application Security Engineer

Monarch Money

$120K — $150K *
US-Anywhere, Remote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in security engineering with a focus on Application and AI security.
  • Proficient in Python and knowledgeable about web application security standards.
  • Hands-on experience with application security tools like Semgrep and Burp Suite.
  • Familiarity with security risks in AI/ML contexts and prompt injections.
  • Demonstrated ability to leverage AI tools for enhancing security processes.

Responsibilities

  • Conduct thorough application security reviews including threat modeling and risk assessments.
  • Enhance and oversee SAST/DAST operations, managing vulnerability tracking in CI/CD.
  • Prioritize and address the vulnerability backlog in coordination with engineering teams.
  • Execute penetration tests and security evaluations for web and API surfaces.
  • Develop security processes tailored for LLM-integrated features, managing risks associated with AI.
  • Implement security automations and define security protocols for AI systems.
  • Engage in a weekly security on-call rotation to support incident response.

Benefits

  • Fully remote work environment, allowing flexibility in work location.
  • Competitive cash and equity compensation for early-stage company employees.
  • Stipend for creating an optimal at-home work setup.
  • Comprehensive benefit plans, including medical, dental, and vision based on location.
  • Unlimited paid time off to support work-life balance.
  • A three-day weekend each month to encourage relaxation and personal time.
Full Job Description
The Role:

Monarch is seeking a Senior Application Security Engineer to join our Security Engineering team during a period of rapid growth. Reporting to the Head of Engineering Infrastructure, you will be a hands-on practitioner embedded across our product and engineering teams - conducting application security reviews, executing on vulnerability management, and applying and improving our AppSec and AI security practices as Monarch scales.

As a key contributor on the Foundations security team, you'll work directly with product engineers to identify and close security gaps, perform and improve SAST/DAST operations, and apply AI security review processes across Monarch's growing LLM-integrated and agentic product surface. This role is critical in ensuring our application layer remains secure and resilient as we handle increasingly sensitive financial data for over a million users.

What You'll Do:
  • Conduct application security reviews - threat modeling, code review, and risk assessment - for new features and major product changes across Monarch's Django/Python stack
  • Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines
  • Work through the vulnerability backlog with urgency - maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads
  • Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces
  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces - covering prompt injection, data leakage, model abuse, and supply chain risk
  • Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems.
  • Participate in the weekly security on-call rotation

What You'll Bring:
  1. 5+ years in security engineering with demonstrated depth in Application and AI security - threat modeling, SAST/DAST, secure code review, and vulnerability management
  2. Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)
  3. Hands-on experience with application security tooling - Semgrep, Burp Suite, Nuclei, or equivalents
  4. Familiarity with AI/ML security risks - prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk
  5. Transformative AI fluency - actively uses AI tools to accelerate security work and build automation

Nice to Haves:
  • Experience in fintech or with financial data security requirements
  • Familiarity with SOC 2, NIST CSF, or similar compliance frameworks
  • Cloud security experience (AWS preferred) - IAM, container security, ECS/EKS
  • Relevant certifications: OSCP, BSCP, CSSLP, CISSP, or equivalent
  • Detection engineering and incident response experience
  • Additional offensive security experience - red teaming, bug bounty, or broader penetration testing beyond web/API surfaces

Typical Process:
  1. Recruiter Video Call
  2. Hiring Manager Video Call
  3. Take Home Assignment
  4. Virtual "Onsite" Round (2-4 interviews)
  5. Reference Checks
  6. Offer!

Benefits:
  • Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that's out of your home, a co-working space, or elsewhere.
  • Competitive cash and equity compensation in a hyper-growth, early-stage company.
  • Stipend to set up your ideal working environment.
  • Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
  • Unlimited PTO.
  • 3 day weekend every month! We take off the "First Friday" every month to focus on rest, recuperation, or just having fun!

