Key skills
AIMLAWSSDLCCommunicationAccount ManagementOWASPPenetration TestingCloud Security
About this role
Flex is a growth-stage FinTech company headquartered in NYC, focused on creating the best rent payment experience. They are seeking a Senior Security Engineer to support product security across their platform, ensuring security is integrated from design through deployment while working closely with product and engineering teams.
Responsibilities:
- Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
- Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
- Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
- Perform application security assessments, code review, and penetration testing for critical product surfaces
- Respond to and investigate complex security incidents; lead post-incident analysis and remediation
- Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
- Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
- Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices
Requirements:
- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact
- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)