Please note that we will never request payment or bank account information at any stage of the recruitment process. As we continue to grow our teams, we urge you to be cautious of fraudulent job postings or recruitment activities that misuse our company name and information. Please protect your personal information during any recruitment process. While Monks may contact potential candidates via LinkedIn, all applications must be submitted through our official website (monks.com/careers).

Application Security Engineer

Location: Colombia

.Monks Technology Services, part of Media.Monks and S4 Capital, is a global consulting firm mastering AI-powered transformations for the Fortune 100. We combine long-term strategic thinking, deep enterprise experience, and a human-centered approach to help clients transform business processes and dominate their industries.

About the Role

As an Application Security Engineer, you’ll help secure high-stakes, proprietary application platforms by leading end-to-end penetration testing, performing deep secure code reviews, and driving DevSecOps tooling integrations that improve visibility, reduce risk, and accelerate remediation across global engineering teams.

Responsibilities

Lead end-to-end application penetration testing efforts, combining manual techniques with automated testing to uncover complex vulnerabilities
Partner with engineering teams to propose, plan, and execute tactical security objectives that harden the application layer
Manage, monitor, and optimize application security tooling, including SAST, DAST, IAST, and ASPM solutions
Integrate security testing and controls into CI/CD pipelines to enable scalable, repeatable DevSecOps practices
Perform secure code reviews across polyglot environments (e.g., C++, C#, Java, JavaScript) and provide actionable remediation guidance
Develop and maintain security metrics and reporting that clearly communicate risk exposure and remediation progress to technical and executive stakeholders
Create and maintain application security procedures, standards, and playbooks to support consistent execution across distributed teams
Other duties as assigned

About You

Qualifications & Skills

7+ years of relevant work experience in Application Security, including 5+ years focused on penetration testing
Strong knowledge of common vulnerability classes and risk frameworks (e.g., OWASP Top 10, SANS Top 25) with the ability to translate technical findings into business impact
Hands-on experience with SAST/DAST/IAST tools and integrating them into modern CI/CD workflows
Experience working with ASPM solutions to centralize, prioritize, and operationalize application security findings
Deep understanding of REST-based architectures and modern application implementation patterns
Ability to operate autonomously with minimal supervision in fast-paced, high-stakes environments
Strong analytical and problem-solving skills, with a collaborative approach to working across globally distributed teams
Nice to have: OSCP/OSWE (or equivalent), experience in financial services or low-latency platforms, and scripting ability in Python/Go to automate testing and tool integrations

.Monks Technology Services does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation,

#LI-PC1

#LI-Remote

About Monks

Monks is the global, digital-first, data-driven, unitary operating brand of S4 Capital plc. With a legacy of innovation and specialized expertise, Monks combines an extraordinary range of global Marketing and Technology Services to redefine how brands interact with the world. Through Monks.Flow, its flagship AI ecosystem for marketing orchestration, Monks transforms marketing into a growth engine, collapsing timelines and connecting brands to culture in real time. By deploying bespoke intelligent agents across disciplines and delivering culturally relevant, high-impact creative and digital solutions, Monks solves key critical business challenges across the entire brand enterprise to help brands sustain long-term impact.

Monks was named a Contender in The Forrester Wave™: Global Marketing Services, ranks among Cannes Lions' Top 10 Creative Companies (2022-25) and remains the only partner featured in AdExchanger’s Programmatic Power Players list every year (2020-24). Named Adweek’s first AI Agency of the Year (2023) and The One Show’s inaugural AI Pioneer Organization, Monks was also awarded Business Intelligence Group’s 2025 Excellence in Artificial Intelligence Award in both the Organizational and AI Product categories. As a trusted partner to cutting-edge innovators in tech, Monks earned titles such as Optimizely Experimentation Partner of the Year (2025), runner-up for the Adobe Firefly Partner Award (2024), and Workato’s AI Visionary Customer Impact Award (2024). Additionally, Monks achieved a record-breaking number of FWAs and continues to hold the most of any partner.

We are an equal-opportunity employer committed to building a respectful and empowering work environment for all people to freely express themselves amongst colleagues who embrace diversity in all respects. Including fresh voices and unique points of view in all aspects of our business not only creates an environment where we can all grow and thrive but also increases our potential to produce work that better represents—and resonates with—the world around us.

Application Security Engineer