Monarch Money logo
Monarch Money

A financial coach in your pocket. Get personalized advice on how to best grow your money.

Senior Application Security Engineer

Application EngineerApplication EngineerFull TimeRemoteSeniorTeam 1-10Since 2016H1B No SponsorCompany SiteLinkedIn

Location

Worldwide

Posted

3 days ago

Salary

$180K - $215K / year

Seniority

Senior

Bachelor Degree5 yrs expEnglishDjangoPython

Job Description

Senior Application Security Engineer

Monarch Money

• Conduct application security reviews — threat modeling, code review, and risk assessment — for new features and major product changes across Monarch's Django/Python stack • Perform and improve SAST/DAST operations including triage, validation, and remediation tracking of findings in CI/CD pipelines • Work through the vulnerability backlog with urgency — maintaining triage criteria, remediation tracking, and escalation paths in partnership with engineering squads • Perform and coordinate penetration testing and security assessments against Monarch's web and API surfaces • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces — covering prompt injection, data leakage, model abuse, and supply chain risk • Build and maintain security automations and AI-powered tooling, and define and assess security requirements for AI workflows and agentic systems. • Participate in the weekly security on-call rotation

Job Requirements

  • 5+ years in security engineering with demonstrated depth in Application and AI security — threat modeling, SAST/DAST, secure code review, and vulnerability management
  • Proficiency in Python and strong understanding of web application security (OWASP Top 10, API security, auth/authz patterns)
  • Hands-on experience with application security tooling — Semgrep, Burp Suite, Nuclei, or equivalents
  • Familiarity with AI/ML security risks — prompt injection, model abuse, agentic attack surfaces, or LLM supply chain risk
  • Transformative AI fluency — actively uses AI tools to accelerate security work and build automation.

Benefits

  • Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
  • Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
  • Stipend to set-up your ideal working environment.
  • Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
  • Unlimited PTO.
  • 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

Related Categories

Related Job Pages

More Application Engineer Jobs

Application Security Engineer

Polar IT Services

Capital One is undertaking a critical data migration initiative to ingest all historical Discover Card data into its internal systems. This migration is an enterprise imperative to enable downstream analytics, compliance, and operational continuity using DFS data.

Role Description The Application Security Engineer will focus on securing applications and systems for the SEC. This position is 100% remote and requires obtaining SEC Public Trust clearance. - Contract Duration: 12+ months - Interview Process: 2x video - Areas of focus: Burp and Veracode Qualifications - 6+ years of Information Technology experience - 3+ years of experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite - 2+ years of experience with Java, Python, .NET, or C# - 3+ years of experience in designing and implementing enterprise-wide security controls - Experience with Eclipse, JDeveloper, or Visual Studio - Experience with securing enterprise web applications and knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25 - Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP - Knowledge of Linux or UNIX environments - HS diploma or GED Requirements - Experience with Interactive Application Security Testing (IAST) capabilities and tools - Experience with HackerOne - Experience with Selenium - Experience writing bash scripts - Experience with OWASP ZAP or Burp Proxy Company Description

United States
Gainwell Technologies logo

Advisor Application Developer

Gainwell Technologies

Gainwell Technologies is an award-winning digital health technology company that supports the administration of healthcare and human services programs. In past

Role Description As a Advisor Application Developer (Java/.NET/EDI/Pharmacy/NCPDP) at Gainwell, you can contribute your skills as we harness the power of technology to help our clients improve the health and well-being of the members they serve — a community’s most vulnerable. Connect your passion with purpose, teaming with people who thrive on finding innovative solutions to some of healthcare’s biggest challenges. Your role in our mission: - Provides senior-level application analysis, design, development, integration, and support for the healthcare transaction platform and related Medicaid pharmacy systems. - Lead design, development, testing, and deployment of NCPDP F6 transaction processing solutions. - Analyze business and technical requirements and translate them into scalable application designs. - Develop and maintain APIs, interfaces, batch processes, and data integrations. - Perform code reviews and ensure adherence to Gainwell development standards. - Support defect resolution, root-cause analysis, and production issue management. - Collaborate with architects, business analysts, QA teams, and client stakeholders. - Participate in Agile ceremonies and provide technical estimates and work planning. - Create technical documentation, support guides, and knowledge-transfer materials. Qualifications - 8+ years of experience in application development and systems analysis using Java, .NET, APIs, SQL and integration technologies. - Preferred functional areas of expertise in Medicaid, Healthcare Payer and EDI transactions with emphasis on NCPDP. - Experience with NCPDP, National Council for Prescription Drug Programs, is highly desired. - Strong analytical, troubleshooting, and communication skills. Requirements - Fully remote opportunity - All work performed must occur within the continental United States - 48 contiguous states plus Alaska. - Must work during core business hours between 8:00 AM – 5:00 PM Central Time (CST), unless otherwise coordinated. - Provide off-hours support for night and weekend patching, deployments, and incident response. - Perform and support vulnerability remediation efforts in partnership with security teams to ensure compliance with enterprise standards. - Opportunities to travel through your work (0-10%). - Video cameras must be used during all interviews, as well as during the initial week of orientation. Benefits - Generous, flexible vacation policy. - 401(k) employer match. - Comprehensive health benefits. - Educational assistance. - Variety of leadership and technical development academies to help build your skills and capabilities.

United States
$90K - $115K / year
Full TimeRemoteTeam 10,001+H1B Sponsor

Role Description Are you passionate about turning complex technical solutions into customer value and their impact on healthcare? We're seeking an Application Engineer to join our team and play a pivotal role in ensuring our products exceed customer expectations. You will be at the forefront of product performance, collaborating closely with engineering and customer-facing teams to drive continuous improvement. Whether you're new to the field or have some experience, we're looking for someone eager to learn and grow! In this role, a typical day will include: - Collaborating with the team to bring incidents, issues, and requests to resolution - Conducting rigorous product evaluations and testing to identify and address performance bottlenecks - Developing and implementing innovative solutions to improve product functionality and reliability - Providing technical support to internal teams (e.g., sales, customer success) regarding product capabilities - Partnering with the product development team to translate customer needs into actionable product requirements - Creating technical documentation Qualifications - Bachelor's degree and 3+ years of relevant experience (or equivalent) - Experience in hardware and application support - Familiarity with Linux and Windows systems - Familiarity with computer networks (LAN, WAN, WLAN, SDN) - Experience in building and deploying applications - Exceptional problem-solving and analytical skills - Detail-oriented with the ability to manage multiple tasks efficiently - Knowledge of ITSM, ITIL practices - Strong communication and collaboration skills - English language (min. B2) - daily work with global teams Requirements - NICE TO HAVE: - 1+ year of software development experience - Experience in Application Performance Monitoring (APM) Tools - Experience in programming - AWS certification (Solutions Architect/Developer) Benefits - Opportunity to expand knowledge and experience in the field of (indirect) tax - Friendly working environment and a diverse and highly motivated team - Very best working environment for our employees – Alcon Polska has been recognized as a Top Employer for the two years in a row - Truly international environment and daily interactions with colleagues and stakeholders from all over the world - Attractive benefits package (private medical care, group insurance, lunch card, transportation allowance, pension plan, Multisport/cultural card, Alcon products for you and your significant other) - Modern office with a lot of facilities inside located at NewCity building, 15 Marynarska Street, Warsaw

Poland
Full TimeRemoteTeam 10,001+Since 1980H1B Sponsor

• Responds to and resolves higher level / more complex client and user operational issues. • Works with Enterprise Applications team members to define end-user requirements, functionality specifications and deliverables. • Designs new and modifies existing solution strategies to ensure achievement of SLA requirements. • Maintains all technical deliverables including technical design specifications and configuration changes. • Performs application configuration, extension, integration and performance tuning. • Handles issues escalated from less experienced team members, clients and other stakeholders. • Helps design, plan and implement enhancements to standard operating procedures. • Design, implement, and manage monitoring and observability solutions for servers, applications, databases, network devices, and cloud environments. • Configure and maintain observability platforms for metrics, logs, traces, dashboards, and alerts. • Develop dashboards and reports to provide visibility into system health, service performance, availability, and operational KPIs. • Set up and fine-tune alerting mechanisms, thresholds, escalation rules, and notification workflows to ensure timely incident detection and response. • Monitor infrastructure and application performance to ensure adherence to SLA, SLO, and availability targets. • Perform analysis of logs, alerts, and telemetry data to identify trends, anomalies, and potential service risks. • Support incident management, problem management, and root cause analysis by providing actionable monitoring insights. • Integrate monitoring tools with ITSM, event management, automation, and ticketing platforms. • Reduce alert noise through alert optimization, event correlation, and dependency mapping. • Support cloud and platform migrations by ensuring observability coverage during transformation initiatives. • Collaborate with DevOps, SRE, and engineering teams to embed observability into system architecture and deployment pipelines. • Perform capacity planning, utilization analysis, and trend forecasting for infrastructure and application environments. • Automate monitoring configuration, maintenance, and deployment using scripting or Infrastructure as Code practices. • Maintain operational documentation, runbooks, dashboard standards, and monitoring governance processes. • Ensure compliance with logging, monitoring, audit, and operational security requirements. • Contribute to continuous improvement initiatives including AIOps, self-healing, automation, and proactive event management.

United States