Be an early applicantLess than 25 applicants

Company

Monarch Money · 7 hours ago

Lead Security Engineer

United States

Full-time

Remote

Senior Level

5+ years exp

Maximize your interview chances

Financial ServicesFinTech

Insider Connection @Monarch Money

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Implement and enforce data encryption standards for data at rest and in transit, ensuring strong key management practices.

Design and maintain data access controls and policies, limiting access to sensitive data (e.g., PII) and enforcing the principle of least privilege.

Monitor and detect data exfiltration risks, unauthorized access, and anomalies around data handling.

Conduct regular audits of PII storage, access, and handling to ensure sensitive data remains secure.

Embed security best practices within the Software Development Lifecycle (SDLC), including secure coding, code review, and application security testing.

Deploy and maintain security tools in the CI/CD pipeline, such as SAST, DAST, and dependency scanning tools, to identify and remediate application vulnerabilities.

Perform threat modeling, vulnerability assessments, and penetration testing to identify and mitigate risks.

Design and enforce security configurations in cloud environments (e.g., AWS), including IAM roles, security groups, and VPC segmentation.

Establish automated monitoring and alerting to detect anomalies or potential breaches across cloud infrastructure.

Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote data security practices.

Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure decisions.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security EngineeringData SecurityApplication SecurityCloud Security (AWS)Programming (Python)SAST ToolsDAST ToolsAccess ManagementCISSP CertificationCISM CertificationAWS Certified Security SpecialtyDockerKubernetesData Privacy Regulations

Required

5+ years of experience in security engineering roles, with a focus on data security, application security, and infrastructure security, ideally in a cloud-first environment.

Proficiency in a programming language (Python preferred) to support execution of security initiatives.

Demonstrated experience implementing data encryption and access controls for sensitive data.

Experience securing cloud environments (AWS preferred) with a deep understanding of IAM, VPCs, and security groups.

Knowledge of secure coding principles and experience with security testing tools (SAST, DAST) within CI/CD pipelines.

Ability to explain complex security concepts clearly to both technical and non-technical stakeholders.

Preferred

Security certifications such as CISSP, CISM, AWS Certified Security Specialty, or relevant GIAC certifications.

Familiarity with data privacy and compliance regulations (e.g., GDPR, CCPA), though not the primary focus, would aid in aligning security initiatives.

Knowledge of securing containerized environments (Docker, Kubernetes) and implementing runtime security tools.

Understanding of data governance principles, including data classification, retention, and minimization strategies.

Previous experience in a fast-growing startup where security processes and policies were built from the ground up.

Previous experience evolving and enforcing policies to assist co-workers in maintaining security of their devices.

Benefits

Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.

Competitive cash and equity compensation in a hyper growth, early stage company 🚀.

Stipend to set-up your ideal working environment.

Medical, dental and vision benefits (Full time US only).

401k (US only).

Unlimited PTO.

3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!