
Lead Security Engineer

unlimited holidays
Remote: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • 5+ years in security engineering roles
  • Proficient in programming (Python preferred)
  • Experience in data and application security
  • Familiarity with cloud environment security
  • Knowledge of secure coding principles

Key responsibilities:

  • Implement and enforce data encryption standards
  • Design access controls for sensitive data
  • Conduct audits on PII storage and access
  • Embed security practices in Software Development Lifecycle
  • Educate teams on data security practices
Monarch Money Information Technology & Services Startup https://www.monarchmoney.com/
2 - 10 Employees

Job description

About Us

Monarch came out of private beta in early 2021. Since that time we have quickly become one of the premier ways to manage your financial life. Customers love the product and we have seen rapid, organic growth. Our users say that Monarch helps them feel more confident in their finances, and more confident in their financial future.

Our founding team consists of product-driven, serial entrepreneurs with multiple exits. Additionally, our CEO was one of the original creators of Mint.com and has a unique perspective on what is needed to meet consumers' needs in this market.

We are passionate about building a company, product and brand that both customers and employees love. We are well-funded by top venture firms and angel investors.

We founded the company as a fully-remote team (pre Covid!) and are open to applicants that live within a 5 hour time zone difference of US Pacific Time.

Monarch handles a lot of sensitive and valuable information. As we continue to grow, we want to maintain our focus on security and privacy. We are seeking an experienced Security Engineer who is passionate about cybersecurity and has extensive experience in the field.

This is designed to be a senior role since it is taking ownership of a new area with a lot of technical / product complexity (i.e., you've probably done this sort of work for years). But if you think you're equipped for the job, please apply!

Responsibilities
  1. Data Security and PII Protection

    • Implement and enforce data encryption standards for data at rest and in transit, ensuring strong key management practices.

    • Design and maintain data access controls and policies, limiting access to sensitive data (e.g., PII) and enforcing the principle of least privilege.

    • Monitor and detect data exfiltration risks, unauthorized access, and anomalies around data handling.

    • Conduct regular audits of PII storage, access, and handling to ensure sensitive data remains secure.

  2. Application and Product Security

    • Embed security best practices within the Software Development Lifecycle (SDLC), including secure coding, code review, and application security testing.

    • Deploy and maintain security tools in the CI/CD pipeline, such as SAST, DAST, and dependency scanning tools, to identify and remediate application vulnerabilities.

    • Perform threat modeling, vulnerability assessments, and penetration testing to identify and mitigate risks.

  3. Infrastructure Security

    • Design and enforce security configurations in cloud environments (e.g., AWS), including IAM roles, security groups, and VPC segmentation.

    • Establish automated monitoring and alerting to detect anomalies or potential breaches across cloud infrastructure.

  4. Foster Cross-Functional Collaboration and Security Culture

    • Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote data security practices.

    • Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure decisions.

Technologies
  • Cloud and Infrastructure Security: AWS Security Hub, AWS IAM, AWS Key Management Service (KMS), OPA for Terraform

  • Application Security Tools: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools (e.g., SonarQube, Checkmarx, OWASP ZAP)

  • Data Security and Encryption: OpenSSL, AWS KMS, HashiCorp Vault, database encryption (Postgres, MySQL), TLS/SSL protocols, data masking and tokenization tools

  • Monitoring and Detection: SIEM solutions (Splunk, Elastic Security, Wazuh), AWS CloudWatch, cloud-native monitoring tools, and alerting systems

  • Identity and Access Management: AWS IAM, Okta

Requirements
  • Professional Experience: 5+ years of experience in security engineering roles, with a focus on data security, application security, and infrastructure security, ideally in a cloud-first environment.

  • Programming Knowledge: Proficiency in a programming language (Python preferred) to support execution of security initiatives.

  • Data Security and PII Protection: Demonstrated experience implementing data encryption and access controls for sensitive data.

  • Cloud Infrastructure Security: Experience securing cloud environments (AWS preferred) with a deep understanding of IAM, VPCs, and security groups.

  • Application Security: Knowledge of secure coding principles and experience with security testing tools (SAST, DAST) within CI/CD pipelines.

  • Communication Skills: Ability to explain complex security concepts clearly to both technical and non-technical stakeholders.

Nice to have
  • Certifications: Security certifications such as CISSP, CISM, AWS Certified Security Specialty, or relevant GIAC certifications.

  • Compliance Knowledge: Familiarity with data privacy and compliance regulations (e.g., GDPR, CCPA), though not the primary focus, would aid in aligning security initiatives.

  • Experience with Container Security: Knowledge of securing containerized environments (Docker, Kubernetes) and implementing runtime security tools.

  • Familiarity with Data Governance: Understanding of data governance principles, including data classification, retention, and minimization strategies.

  • Experience in Startups or High-Growth Environments: Previous experience in a fast-growing startup where security processes and policies were built from the ground up.

  • Endpoint Security / Corporate Security: Previous experience evolving and enforcing policies to assist co-workers in maintaining security of their devices.

Benefits 
  • Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.

  • Competitive cash and equity compensation in a hyper growth, early stage company 🚀.

  • Stipend to set-up your ideal working environment.

  • Medical, dental and vision benefits (Full time US only).

  • 401k (US only).

  • Unlimited PTO.

  • 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

  • These benefits are offered to full-time employees only.

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Potential Recruitment Scam
Please be cautious of potential scams related to this job posting. We do not engage with the Discord App and all legitimate communications will come from our official email domain (@monarchmoney.com). We will never ask for personal information, banking details or payment as part of our interview process. Report any suspicious activity to report-phishing@monarchmoney.com. Your safety is our priority!

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Information Technology & Services
Spoken language(s): English

Other Skills

  • Verbal Communication Skills
