Senior Security Engineer

### Who you are
- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact
- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)

### What the job involves
- Flex is looking for a Senior Security Engineer to support product security across our fintech platform
- You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment
- This role reports to the Head of Security
- Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
- Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
- Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
- Perform application security assessments, code review, and penetration testing for critical product surfaces
- Respond to and investigate complex security incidents; lead post-incident analysis and remediation
- Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
- Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
- Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices
- You'll be a dedicated product security engineer — excellent opportunity to define how product security works at Flex
- Direct executive visibility: this role's work is a CTO/CRO priority
- Small team, outsized impact: 4-person security team supporting 100+ engineers
- Strong AI-forward culture: team has shipped AI-powered security review tools and embraces engineering tooling innovation
- Distributed team with async-first culture

### Benefits
- 100% company-paid medical, dental, and vision
- 401(k) + company stock options
- Unlimited paid time off + company paid holidays
- Parental leave + IVF and adoption support
- Flex Cares Program: Non-profit company match + pet adoption coverage
- Pet Insurance
- Free Flex subscription