Senior Platform Security Engineer

About Monstro

Monstro is the operating system for governed financial intelligence. We build governance and intelligence infrastructure that enables artificial intelligence to operate safely, explainably, and at institutional scale.

We exist because the level of financial guidance historically available to a small group should be accessible to many more people. By combining AI with deep institutional infrastructure, we help financial institutions deliver more personalized, responsible, and life-changing financial support to millions of individuals.

We’re building mission-critical systems in a highly regulated domain, and we care deeply about doing it right. If you’re motivated by meaningful problems, high standards, and shaping infrastructure that improves financial outcomes, you’ll feel at home here.

About the Role

We're looking for a Senior Platform Security Engineer to help build and secure the infrastructure that powers Monstro's AI platform. This is a hands-on engineering role focused on creating reliable, scalable, and secure systems while embedding security throughout the software development lifecycle.

You'll sit at the intersection of platform engineering, cloud infrastructure, security operations, and compliance. Your mission is to build and maintain scalable, secure, and compliant infrastructure that enables engineering teams to move quickly with confidence. Alongside building and securing our platform, you'll help mature the controls, processes, and evidence required to support compliance initiatives such as SOC 2 and ISO 27001 as Monstro continues to scale. Working with financial institutions requires a high bar for security, governance, and operational resilience, and you'll play a critical role in ensuring our infrastructure meets those expectations without compromising engineering velocity.

As we continue to scale our platform and expand our regulated AI infrastructure, you'll play a key role in designing deployment pipelines, automating infrastructure, strengthening security controls, and driving operational excellence across our cloud environments. You'll help build the technical foundations that allow Monstro to remain secure, compliant, and audit-ready while supporting the rapid development and deployment of AI-powered products.

This is not a role where security operates separately from engineering. We believe the strongest security posture is built into the platform from day one. You'll work closely with software engineers, product teams, and leadership to establish DevSecOps practices that support both innovation and trust.

Security is a strategic priority at Monstro. As a company building infrastructure for financial institutions, we operate in an environment where trust, resilience, and compliance are foundational to our success. This role will have meaningful visibility and influence across the organization, helping shape the systems, controls, and operational practices that protect both our platform and our customers while enabling engineering teams to move quickly and safely.

No two days look the same. You may be improving Kubernetes deployment workflows in the morning, responding to a security alert in the afternoon, helping prepare evidence for a compliance review, and designing infrastructure improvements that reduce operational risk before the day is done.

What You'll Own

Platform Engineering & Infrastructure

• Design, build, and maintain scalable cloud infrastructure across GCP and supporting cloud platforms
• Implement and manage infrastructure-as-code using Terraform. Experience with Terraform is preferred, though equivalent experience with infrastructure automation tools such as Pulumi, CloudFormation, Ansible, or similar technologies is also valued.
• Manage containerized environments and orchestration platforms including Docker and Kubernetes
• Drive reliability, performance, and scalability improvements across production systems
• Support disaster recovery, business continuity, and infrastructure resilience initiatives
• Partner with engineering teams to improve developer experience and deployment velocity
• Partner with AI and product engineering teams to build the infrastructure foundations for agentic systems, enabling secure, scalable, and reliable deployment of AI-powered workflows and services.

DevOps & CI/CD

• Design, implement, and optimize CI/CD pipelines using GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar technologies
• Automate build, testing, deployment, and operational workflows to reduce manual effort and improve consistency
• Champion GitOps and infrastructure automation practices across engineering teams
• Establish monitoring, observability, and alerting frameworks using tools such as Prometheus, Grafana, Datadog, and ELK
• Improve deployment reliability and operational metrics through continuous platform enhancements

Security Operations & Governance

• Embed security controls throughout the software development lifecycle through a DevSecOps approach
• Manage vulnerability scanning, remediation programs, and patch management processes
• Implement and maintain security monitoring, SIEM tooling, intrusion detection, and threat detection capabilities
• Manage secrets, credentials, certificates, and key management systems
• Lead incident response activities, root cause investigations, and post-incident reviews
• Conduct threat modelling and security risk assessments for new and existing systems
• Partner with engineering teams to improve security awareness and secure development practices

Cloud Security & Compliance

• Apply cloud security best practices including least-privilege access controls, encryption, and network segmentation
• Design and maintain secure networking architectures including VPCs, VPNs, firewalls, load balancers, and zero-trust controls
• Support compliance initiatives aligned to frameworks such as SOC 2, ISO 27001, CIS Benchmarks, NIST, and GDPR
• Contribute to audit readiness activities and remediation efforts
• Help ensure Monstro's infrastructure meets the security expectations required within regulated financial environments

Collaboration & Engineering Excellence

• Work closely with engineering, product, and leadership teams to build a security-first engineering culture
• Maintain high-quality technical documentation including runbooks, architecture diagrams, operational procedures, and security policies
• Lead and participate in on-call rotations and operational incident management
• Mentor engineers and contribute to knowledge sharing across the organization
• Help establish best practices that improve reliability, security, and operational maturity as we scale

What We're Looking For

• 7–10+ years of experience in Platform Engineering, DevOps, Site Reliability Engineering, Security Engineering, or related infrastructure roles
• Proven experience owning and operating production cloud infrastructure in business-critical environments
• Deep expertise designing and maintaining secure, scalable, and highly available systems on GCP; experience with Azure or AWS is a plus
• Strong hands-on experience with Kubernetes, container orchestration, and container security in production environments
• Significant experience building and managing CI/CD pipelines and deployment automation using tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps
• Expert-level knowledge of Infrastructure-as-Code practices using Terraform, Ansible, Pulumi, or similar technologies
• Experience embedding security controls throughout the software development lifecycle and driving DevSecOps practices across engineering organizations
• Strong understanding of cloud security architecture, identity and access management, secrets management, network security, encryption, and zero-trust principles
• Hands-on experience operating production systems, including monitoring, alerting, observability, incident response, vulnerability management, SIEM tooling, threat detection, and SRE best practices.
• Experience supporting compliance and governance initiatives aligned with frameworks such as SOC 2, ISO 27001, NIST, CIS Benchmarks, or similar standards
• Strong scripting and automation skills using Python, Bash, or equivalent technologies
• Demonstrated ability to lead complex infrastructure, reliability, or security initiatives from design through implementation
• Comfortable operating with a high degree of autonomy in a fast-moving environment where infrastructure, security, and engineering priorities evolve rapidly
• A builder's mindset with strong ownership, sound judgment, and a bias toward practical solutions that balance security, reliability, and delivery velocity

Nice to Have

• Experience working within fintech, BankingTech, AI infrastructure, or other highly regulated industries

Why Monstro?

Ownership & Impact: Shape the future of AI-powered finance—building a category-defining product used by consumers and institutions around the world.

Experienced Team: Join a team with leadership that has a track record of scaling companies from early stage to major exits.

Principles-Driven Culture: Work in a culture that values speed, ownership, and impact—what most companies achieve in 90 days, we do in 45.

Comprehensive Compensation Package: Competitive salary, equity, and robust benefits package, including paid health, vision, dental, and disability coverage.

Base Compensation Range (New York City): $185,000 - $232,000

Final compensation will depend on a variety of factors, including experience, skills, internal leveling, and market conditions, and will be offered within the stated range in accordance with applicable pay transparency laws.

A Note on Interviewing

We sometimes use AI note-takers to help us transcribe interview notes, so we can be more present in your interview. If you'd like to opt out of us using automatic transcribers, please note this in the free text field in your application, otherwise we'll take your application as confirmation that you're happy for us to use note-takers (whether added to video calls or in the background).

Ready to Build With Us?

If you're excited to contribute to a high-bar team building something meaningful, we'd love to hear from you.