Senior Security Engineer

About the Role

Flex is looking for a Senior Security Engineer to support product security across our fintech platform. You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment. This role reports to the Head of Security.

What You'll Do

- Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
- Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
- Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
- Perform application security assessments, code review, and penetration testing for critical product surfaces
- Respond to and investigate complex security incidents; lead post-incident analysis and remediation
- Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
- Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
- Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

What You'll Bring

Must Have:

- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact

Nice to Have:

- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)

Why This Role

- Dedicated product security engineer — excellent opportunity to define how product security works at Flex
- Direct executive visibility: this role's work is a CTO/CRO priority
- Small team, outsized impact: 4-person security team supporting 100+ engineers
- Strong AI-forward culture: team has shipped AI-powered security review tools and embraces engineering tooling innovation
- Distributed team with async-first culture

• Tier A (NYC/SF): $156,000—$195,000 USD
• Tier B: $140,400—$175,500 USD
• Tier C: $132,600—$165,750 USD

#LI-Remote