Senior Security Engineer

Flex is looking for a Senior Security Engineer to support product security across our fintech platform. You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment. This role reports to the Head of Security.

- Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
- Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
- Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
- Perform application security assessments, code review, and penetration testing for critical product surfaces
- Respond to and investigate complex security incidents; lead post-incident analysis and remediation
- Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
- Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
- Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact

- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)

- Dedicated product security engineer — excellent opportunity to define how product security works at Flex
- Direct executive visibility: this role's work is a CTO/CRO priority
- Small team, outsized impact: 4-person security team supporting 100+ engineers
- Strong AI-forward culture: team has shipped AI-powered security review tools and embraces engineering tooling innovation
- Distributed team with async-first culture

• Tier A (NYC/SF): $156,000—$195,000 USD
• Tier B: $140,400—$175,500 USD
• Tier C: $132,600—$165,750 USD

#LI-Remote

We understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self aware people to grow a successful company. Our HQ is located in New York City, but we have employees located throughout the US, Australia, Canada and South America. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace.

Roles posted in New York, San Francisco, and Salt Lake City are hybrid positions with on-site expectations of 2-3 days per week in our local offices. For candidates outside of these areas, you may be eligible for our relocation assistance program.