Senior Application Security Engineer embedded with product and engineering teams at Monarch, a personal finance platform. Conduct AppSec reviews, SAST/DAST, vulnerability management, and AI security for LLM features on Django/Python stack. Requires 5+ years in security engineering with Python and web security expertise.
180k – 215k
Remote5+ YOESecurity Engineering
About the role
Responsibilities
Conduct application security reviews — threat modeling, code review, and risk assessment — for new features and major product changes across Monarch's Django/Python stack.
Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines.
Work through the vulnerability backlog with urgency — maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads.
Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces.
Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces — covering prompt injection, data leakage, model abuse, and supply chain risk.
Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems.
Participate in the weekly security on-call rotation.
Requirements
5+ years in security engineering with demonstrated depth in Application and AI security — threat modeling, SAST/DAST, secure code review, and vulnerability management.
Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns).
Hands-on experience with application security tooling — Semgrep, Burp Suite, Nuclei, or equivalents.
Familiarity with AI/ML security risks — prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk.
Transformative AI fluency — actively uses AI tools to accelerate security work and build automation.
Nice-to-Haves
Experience in fintech or with financial data security requirements.
Familiarity with SOC 2, NIST CSF, or similar compliance frameworks.
Senior GRC Engineer responsible for designing, building, and operating automation, integrations, and AI-assisted workflows across governance, risk, and compliance. Leads compliance initiatives including SOC 2, ISO 27001, HIPAA, and FedRAMP while partnering with cross-functional teams to improve security assurance and audit readiness.
180k – 200k
On-site6+ YOESecurity Engineering
Senior Security Engineer, GRC
TemporalUnited States
Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.
180k – 225k
Remote8+ YOESecurity Engineering
Senior Security Engineer
Kaizen LabsNew York, NY
Own end-to-end security architecture, compliance (FedRAMP, CMMC), and secure supply chain practices for a federal-focused government platform on AWS. Lead technical readiness and drive secure-by-default engineering in an early-stage environment.
180k – 220k
Hybrid5+ YOESecurity Engineering
Manager, Network Security
Lumin DigitalUnited States
Lead and build a new network security function at a fintech company, managing a team of engineers, setting technical direction for cloud-native network security architecture, and establishing automated, identity-aware security controls across cloud, SD-WAN, and ZTNA environments.
Designs, implements, and operates enterprise IAM systems for workforce and customer-facing authentication in ValonOS, including IdP management, secure protocols, cloud IAM, and AI-assisted workflows. Requires 5+ years IAM experience, deep protocol expertise, and IdP hands-on skills.