Senior Security Engineer

Senior Security Engineer

About the Company

Flex is a growth-stage, NYC headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2026 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense.

About the Role

Flex is looking for a Senior Security Engineer to support product security across our fintech platform. You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment. This role reports to the Head of Security.

What You'll Do

• Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
• Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
• Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
• Perform application security assessments, code review, and penetration testing for critical product surfaces
• Respond to and investigate complex security incidents; lead post-incident analysis and remediation
• Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
• Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
• Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

What You'll Bring

Must Have:

• 5+ years of experience in application security, product security, or security engineering
• Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
• Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices