[Remote] Staff Security Engineer, PSIRT

Note: The job is a remote job and is open to candidates in USA. Flock is dedicated to building technology that reduces crime and protects privacy. They are seeking a Staff Security Engineer to lead the Security Incident Response Team (PSIRT), responsible for managing vulnerabilities in Flock products and coordinating with various teams to ensure security measures are effectively implemented.

Responsibilities

• Stand up and run Flock's Security Incident Response Team (PSIRT) as the single point of accountability for every externally-reported and internally-discovered vulnerability that touches a Flock product
• Coordinate with teams about fixes and with security counterparts for security validation
• Be the operational owner of our newly established CNA and the technical owner of our Coordinated Vulnerability Disclosure (CVD) program
• Drive fixes to closure across Hardware, Firmware, Device SRE, Cloud SRE, Mobile, ML, Legal, Comms, and Customer Support
• Lead by influence across engineering, legal, communications, and support, setting the SLAs, metrics, playbooks, and public security advisories
• Partner closely with our Detection & Response team and Corporate Security, focusing on product security to reduce risk for devices in the field and customers

Skills

• 7+ years in security engineering with at least 4 years directly running or leading a PSIRT, product security, or coordinated vulnerability disclosure function
• Experience at a company that ships connected hardware (LPR/IP cameras, ICS/OT, automotive, medical, or networking gear) is highly preferred
• Demonstrated end-to-end ownership of the FIRST PSIRT Services Framework v1.1 service areas (Stakeholder Ecosystem, Discovery, Triage, Remediation, Disclosure)
• Hands-on operational experience acting as a CVE Numbering Authority (CNA) or leading the technical onboarding of one
• Deep knowledge of CNA Operational Rules v4.x, CVE scope definition, and root coordination (CISA ICS-CERT, MITRE)
• Deep familiarity with ISO/IEC 29147 (disclosure), ISO/IEC 30111 (handling), the CERT/CC Guide to CVD, and CISA Binding Operational Directive 20-01
• Strong technical understanding across product security, with deep operational experience in at least three of the following: Embedded/Firmware Security, Linux/Android Device Security, Cloud Security on AWS, Mobile/Web App Security, ML/CV Model Security
• Fluent with CVSS v3.1/v4.0, CWE classification, EPSS, and SSVC frameworks
• Exceptional written skills
• Ability to obtain and maintain CJIS certification as a condition of employment
• Experience at a company that ships connected hardware (LPR/IP cameras, ICS/OT, automotive, medical, or networking gear) is highly preferred

Benefits

• Offers Equity
• Flexible PTO: We offer non-accrual PTO, plus 11 company holidays.
• Fully-paid [health benefits](https://drive.google.com/file/d/1ZJtOz4awU9zcMeAtDbiha9Z2Oze1LRDH/view?usp=sharing) plan for employees: including Medical, Dental, and Vision and an HSA match.
• Family Leave: All employees receive 12 weeks of 100% paid parental leave. Birthing parents are eligible for an additional 6-8 weeks of physical recovery time.
• Fertility & Family Benefits: We have partnered with [Maven](https://www.mavenclinic.com/), a complete digital health benefit for starting and raising a family. Flock will provide a $50,000-lifetime maximum benefit related to eligible adoption, surrogacy, or fertility expenses.
• Spring Health: Spring Health offers a variety of mental health benefits, including therapy, coaching, medication management, and digital tools, all tailored to each individual's needs.
• Caregiver Support: We have partnered with [Cariloop](https://www.cariloop.com/) to provide our employees with caregiver support
• Carta Tax Advisor: Employees receive 1:1 sessions with Equity Tax Advisors who can address individual grants, model tax scenarios, and answer general questions.
• ERGs: We want all employees to thrive and feel like they belong at Flock. We offer four ERGs today - Women of Flock, Flock Proud, LEOs and Melanin Motion. If you are interested in talking to a representative from one of these, please let your recruiter know.
• WFH Stipend: $150 per month to cover the costs of working from home.
• Productivity Stipend: $300 per year to use on Audible, Calm, Masterclass, Duolingo and so much more.
• Home Office Stipend: A one-time $750 to help you create your dream office.

Company Overview

Company H1B Sponsorship