8 months ago

Logo of Monarch Money

Senior Security Engineer

$90k - $190k

Monarch Money

RemoteUS

About Us:

Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we’ve become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.

We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback.

As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.

Join us on our mission to transform lives by simplifying money, together.

The Role:

Monarch handles a lot of sensitive and valuable information. As we continue to grow, we want to maintain our focus on security and privacy. We are seeking an experienced Security Engineer who is passionate about cybersecurity and has extensive experience in the field.

This is designed to be a senior role since it is taking ownership of a new area with a lot of technical / product complexity (ie youve probably done this sort of work for years). But if you think youre equipped for the job, please apply!

Seniority Level: Senior

What Youll Do:

  1. Detection & Incident Response

    • Triage security alerts from various security monitoring tooling on a daily basis.

    • Execute, develop, and maintain investigation playbooks to ensure timely and accurate investigation completion.

    • Integrate, tune, and manage detection tooling on a continual basis.

    • Manage incidents as an incident commander when investigations require escalation.

  2. Infrastructure (Cloud) Security

    • Monitor existing and new cloud infrastructure for insecure configurations.

    • Triage and mitigate misconfigurations identified by cloud security assessment tooling.

    • Develop and maintain automated guardrails for preventing insecure infrastructure deployment.

  3. Vulnerability Management

    • Triage and drive mitigation of vulnerability scanning findings in accordance with SLAs.

    • Develop and maintain vulnerability management integrations and automation.

    • Complete vulnerability mitigation scanning and testing.

  4. Application Security

    • Work independently, and with engineering teams, to prioritize and mitigate application security findings from SAST, DAST, and SCA tooling.

What Youll Bring:

  • Professional Experience: 3-5+ years of experience in security engineering roles, with a focus on incident response, infrastructure security, and vulnerability management, ideally in a cloud-first environment.

  • Programming and Automation Knowledge: Proficiency in a programming/scripting language (Python and Bash preferred) to support execution of security initiatives and automation.

  • Detection & Incident Response: Experience interacting with SIEM and EDR solutions (such as SumoLogic, Datadog, Splunk, Panther, Crowdstrike, SentinelOne) and executing incident response activities from investigation to retrospective.

  • Cloud Infrastructure Security: Experience securing cloud environments (AWS preferred) with a deep understanding of IAM, Cloud Security Assessment (Prowler, ScoutSuite, Pacu), IaC (Terraform), and Cloud Monitoring (such as CloudTrail, CloudWatch, Wiz, Lacework, Prizma Cloud).

  • Vulnerability Management: Experience conducting vulnerability scanning and triage at the endpoint, web app, container, and network level. Experience with tools such as Tenable, Qualys, Trivy, Nuclei, Acunetix, and Burp Suite Enterprise.

  • Application Security: Experience interacting with SAST, DAST, and SCA solutions (such as Snyk, GitHub Advanced Security CodeQL, Semgrep, OWASP Dependency Check, Dependabot).

  • Communication Skills: Ability to explain complex security concepts clearly to both technical and non-technical stakeholders in both verbal and written format.

Benefits :

  • Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.

  • Competitive cash and equity compensation in a hyper growth, early stage company 🚀.

  • Stipend to set-up your ideal working environment.

  • Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).

  • Unlimited PTO.

  • 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.