Lead Security Engineer
Remote (US)
About Us
Monarch came out of private beta in early 2021. Since that time we have quickly become one of the premier ways to manage your financial life. Customers love the product and we have seen rapid, organic growth. Our users say that Monarch helps them feel more confident in their finances, and more confident in their financial future.
Our founding team consists of product-driven, serial entrepreneurs with multiple exits. Additionally, our CEO was one of the original creators of Mint.com and has a unique perspective on what is needed to meet consumers' needs in this market.
We are passionate about building a company, product and brand that both customers and employees love. We are well-funded by top venture firms and angel investors.
We founded the company as a fully-remote team (pre Covid!) and are open to applicants that live within a 5 hour time zone difference of US Pacific Time.
Monarch handles a lot of sensitive and valuable information. As we continue to grow, we want to maintain our focus on security and privacy. We are seeking an experienced Security Engineer who is passionate about cybersecurity and has extensive experience in the field.
This is designed to be a senior role since it is taking ownership of a new area with a lot of technical / product complexity (i.e., you've probably done this sort of work for years). But if you think you're equipped for the job, please apply!
Responsibilities
Data Security and PII Protection
Implement and enforce data encryption standards for data at rest and in transit, ensuring strong key management practices.
Design and maintain data access controls and policies, limiting access to sensitive data (e.g., PII) and enforcing the principle of least privilege.
Monitor and detect data exfiltration risks, unauthorized access, and anomalies around data handling.
Conduct regular audits of PII storage, access, and handling to ensure sensitive data remains secure.
Application and Product Security
Embed security best practices within the Software Development Lifecycle (SDLC), including secure coding, code review, and application security testing.
Deploy and maintain security tools in the CI/CD pipeline, such as SAST, DAST, and dependency scanning tools, to identify and remediate application vulnerabilities.
Perform threat modeling, vulnerability assessments, and penetration testing to identify and mitigate risks.
Infrastructure Security
Design and enforce security configurations in cloud environments (e.g., AWS), including IAM roles, security groups, and VPC segmentation.
Establish automated monitoring and alerting to detect anomalies or potential breaches across cloud infrastructure.
Foster Cross-Functional Collaboration and Security Culture
Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote data security practices.
Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure decisions.
Technologies
Cloud and Infrastructure Security: AWS Security Hub, AWS IAM, AWS Key Management Service (KMS), OPA for Terraform
Application Security Tools: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools (e.g., SonarQube, Checkmarx, OWASP ZAP)
Data Security and Encryption: OpenSSL, AWS KMS, HashiCorp Vault, database encryption (Postgres, MySQL), TLS/SSL protocols, data masking and tokenization tools
Monitoring and Detection: SIEM solutions (Splunk, Elastic Security, Wazuh), AWS CloudWatch, cloud-native monitoring tools, and alerting systems
Identity and Access Management: AWS IAM, Okta
Requirements
Professional Experience: 5+ years of experience in security engineering roles, with a focus on data security, application security, and infrastructure security, ideally in a cloud-first environment.
Programming Knowledge: Proficiency in a programming language (Python preferred) to support execution of security initiatives.
Data Security and PII Protection: Demonstrated experience implementing data encryption and access controls for sensitive data.
Cloud Infrastructure Security: Experience securing cloud environments (AWS preferred) with a deep understanding of IAM, VPCs, and security groups.
Application Security: Knowledge of secure coding principles and experience with security testing tools (SAST, DAST) within CI/CD pipelines.
Communication Skills: Ability to explain complex security concepts clearly to both technical and non-technical stakeholders.
Nice to have
Certifications: Security certifications such as CISSP, CISM, AWS Certified Security Specialty, or relevant GIAC certifications.
Compliance Knowledge: Familiarity with data privacy and compliance regulations (e.g., GDPR, CCPA), though not the primary focus, would aid in aligning security initiatives.
Experience with Container Security: Knowledge of securing containerized environments (Docker, Kubernetes) and implementing runtime security tools.
Familiarity with Data Governance: Understanding of data governance principles, including data classification, retention, and minimization strategies.
Experience in Startups or High-Growth Environments: Previous experience in a fast-growing startup where security processes and policies were built from the ground up.
Endpoint Security / Corporate Security: Previous experience evolving and enforcing policies to assist co-workers in maintaining security of their devices.
Benefits
Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive, whether that’s out of your home, a co-working space, or elsewhere.
Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
Stipend to set up your ideal working environment.
Medical, dental and vision benefits (full-time US only).
401k (US only).
Unlimited PTO.
3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!
These benefits are offered to full-time employees only.
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.