Senior Security Engineer, Detection and Response

About Us:

Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we've become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.

We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We're hyper focused on building a product people love, and on finding every edge that helps us do that better. AI is core to how we operate: every person on the team uses it as a partner to sharpen judgment, move faster, and expand what's possible. We're not looking for tool mastery, we're looking for fluency and curiosity. What matters is that AI is part of how you work today and that you're actively raising your own bar on how to use it well.

As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.

Join us on our mission to transform lives by simplifying money, together.

The Role

Monarch is hiring a Senior Security Engineer, Detection and Response to join our Security team within Foundations — the first dedicated hire for this function. Reporting to the TLM of the Corporate & Infrastructure Security squad, you will build detection, automation, and response capabilities while working with IT to harden the tools people use every day.

What makes this role different is the AI mandate. Monarch is genuinely AI-first, and we expect you to bring that mindset to the security engineering team — using LLM-augmented workflows to accelerate detection authoring, automate phishing triage, analyze logs, and build internal tooling. You'll also be responsible for governing the enterprise AI platforms themselves (e.g. Claude, OpenAI) as corporate security surfaces. If you've been waiting for a security role where AI fluency isn't a nice-to-have but a core expectation, this is it.

You'll join a lean, senior security team that has strong foundations already in place — SOC 2 Type 2 complete, best in-class tooling — and you'll build the next layer of security maturity on top of that. This is a opportunity to help define how security engineering works at a fast-growing fintech protecting real financial data for hundreds of thousands of users.

What You'll Do

• Build a detection engineering program and supporting infrastructure
• Author and maintain detections and build alerting pipelines that feed triage and incident response
• Investigate and respond to security incidents
• Drive security configuration and policy for enterprise AI platforms (Claude Enterprise, OpenAI)
• Use AI daily to transform how detection, response and corporate security operates — building LLM-augmented workflows for detection, triage, automation, and internal tooling
• Partner with IT to harden SaaS platforms and endpoints (Iru/Kandji MDM, CrowdStrike Falcon EDR)

• Mature DLP program covering SaaS, email, endpoints, and AI prompt exfiltration paths

What You'll Bring

• 5+ years in security engineering with demonstrated depth in detection & incident response and corporate security, using SIEM and in collaboration with MDR providers
• Detection engineering and incident response experience — ability to build and maintain detection infrastructure, workflows, author detections, triage alerts, and run security incidents end-to-end
• Hands-on experience administering enterprise AI platform controls (Claude Enterprise or OpenAI Enterprise admin — SSO/SCIM, audit logging, managed settings, usage governance)
• Hands-on experience securing SaaS and working with Iru (Kandji) or equivalent MDM and Okta workforce identity — understanding security hardening, device trust, and IAM policy even if not the primary administrator

• Integrated AI fluency — actively uses AI tools to accelerate security work, build automation, and ship internal tooling

Nice to Haves

• Cloudflare Zero Trust / ZTNA experience (Access, Gateway, WARP, Tunnel)
• DLP program experience (Cyberhaven, Nightfall, or similar)
• SaaS security posture tooling experience (Nudge Security, Push Security, or similar)
• Fintech or financial services background

• Relevant certifications: CISSP, CCSP, GCFA, CrowdStrike certifications

Typical Process

• Recruiter Video Call
• Hiring Manager Video Call
• Technical Assessment
• Virtual "onsite" round consisting of 2-4 technical and cross-functional interviews
• Reference Checks
• Offer

Benefits :

• Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
• Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
• Stipend to set-up your ideal working environment.
• Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
• Unlimited PTO.
• 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

Equal Opportunity & Non-Discrimination

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, sex (including pregnancy and gender identity), sexual orientation, age, marital status, veteran status, disability status, or genetic information.

Applicant Notices

California & San Francisco: Pursuant to the California Fair Chance Act and the San Francisco Fair Chance Ordinance, qualified applicants with arrest and conviction records will be considered for employment. We comply with all applicable fair chance hiring laws.