Senior Security Engineer

About The Position

Requirements

• 5+ years of experience in application security, product security, or security engineering
• Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
• Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
• Experience conducting security code reviews and penetration testing
• Proficiency with cloud security in AWS environments
• Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
• Ability to own security projects from conception to completion with minimal oversight
• Excellent written and verbal communication — ability to translate security risk into business impact

Nice To Haves

• Experience in fintech, payments, or financial services
• Experience building or operating security automation tools (SAST/DAST, security review tooling)
• Security Champions program development experience
• Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
• Experience with bug bounty program management
• Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)

Responsibilities

• Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
• Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
• Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
• Perform application security assessments, code review, and penetration testing for critical product surfaces
• Respond to and investigate complex security incidents; lead post-incident analysis and remediation
• Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
• Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
• Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

Benefits

• Competitive medical, dental, and vision available from Day 1
• Company equity
• 401(k) plan with company match (our company match kicks off at the beginning of 2026)
• Unlimited paid time off + 13 company paid holidays
• Parental leave
• Flex Cares Program
• Free Flex subscription
• Competitive compensation + company equity
• Unlimited PTO