Staff Security Engineer, CJIS Certified

Job Summary

Leading the Security Incident Response Team (PSIRT), the full-time Staff Security Engineer, CJIS Certified will manage vulnerability responses, coordinate cross-functional teams for security fixes, and establish operational protocols while working remotely.

Key responsibilities

• Oversee the end-to-end management of externally-reported and internally-discovered vulnerabilities affecting Flock products
• Establish and maintain the Coordinated Vulnerability Disclosure (CVD) program, ensuring effective communication and resolution across multiple teams
• Develop and implement security advisories, metrics, and playbooks to enhance the security posture of Flock's products

Required qualifications

• 7+ years in security engineering with at least 4 years leading a PSIRT or similar function
• Hands-on experience with CVE Numbering Authority (CNA) operations and vulnerability management frameworks
• Deep understanding of product security, particularly in embedded/firmware security, cloud security, or mobile/web app security
• Exceptional written communication skills for drafting security advisories and internal documentation
• Ability to obtain and maintain CJIS certification as a condition of employment