Remote (US) / Engineering / Full time
Flex is an early-stage, remote-first FinTech startup that is bringing flexible payments to recurring bills. It’s hard to believe that it’s 2022 and you’re still not able to choose when you pay your bills. Flex is here to change that! Flex is a multi-bill platform. We began by revolutionizing rent — Americans’ largest recurring bill. Flex enables its users to pay rent and bills throughout the month on a schedule that better fits their finances. With Flex, everybody can better manage their bills and budget. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we plan to scale to 300 team members in 2022. Will you be a part of the team?
We are looking for a DevSecOps Security Automation Engineer whose primary responsibility will be driving the roadmap and delivery of a comprehensive strategy to capture all critical stages, triggers, and activities within our software delivery and deployment pipeline, as recommended by the Cloud Security Alliance (CSA) DevSecOps Six Pillars strategy. You will be expected to take into account our native tooling and existing processes while investigating and solving for security automation in all stages of the software development and deployment lifecycle. In addition, you will be an active member of the security team and assist in a wide variety of efforts including secure code reviews, product security reviews, penetration testing, incident response, and other security responsibilities. You will partner with your fellow security engineers and developers to keep Flex growing while keeping us secure! We strive to work with a bias toward action.
Technical Stack
- Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
- In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
- Experience with industry tools and technologies such as SAST, DAST, IAST, SCA, etc.
- Working knowledge of common languages such as Python, Go, JavaScript, Java, etc.
Experience
- Strong experience in web and mobile application security issues
- Strong experience in distributed platform development security and design
- Experience in cloud security deployment and implementation issues (AWS, AWS security)
- Proven expertise in enterprise-grade and web scale security solutions
- Ability to explain complex security topics in simple terms
- Ability to lead and project manage multiple security initiatives
Preferred Experience
- Familiarity with audits and standards requirements such as ISO 27001, PCI DSS, SOC 1 & 2, etc.
What a typical day will look like:
On a typical day, you'll start by catching up on your team's async communication channels and planning out your day. Once you're settled in, you'll review the SecOps dashboards for system status while checking in with your teammate handling on-call to see if you need to get ahead of any issues. You'll probably work with one of the Product teams to introduce SAST and DAST in the CI/CD pipeline while teaching them about security integration as part of the SDLC. You'll manage the bug remediation queue as well as review new security alerts from the monitoring data and decide if they need further attention. You'll also be checking in with the junior members of the team to review their work with the aim of helping them grow.
Life at Flex:
We understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self-aware people to grow a successful company. Our HQ is located in New York City, but we are remote-friendly with employees located throughout the US, Australia, Brazil, and Israel. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace.
We offer many employee benefits, including:
- Competitive pay
- Company-paid medical, dental, and vision
- 401(k) + company stock options
- Unlimited paid time off + company-paid holidays
- Parental leave + IVF and adoption support
- Flex Cares Program: Non-profit company match + pet adoption coverage
- Pet Insurance
- Free Flex subscription