Flock
Security
StaffSecurityEngineer,PSIRT
Neural analysis suggests this role is
optimal for Senior candidates.
“Staff Security Engineer, PSIRT at Flock. Skills: PSIRT, Vulnerability management, Incident response. Stand up PSIRT. Run PSIRT”
What You'll Achieve.
Reduce risk for devices; Reduce risk for customers; Track time-to-triage; Track time-to-fix; Track time-to-disclose
Industry & Context.
Root cause analysis
Fingerprint-based background check
What They're Looking For.
Must Have
7+ years security engineering, 4+ years running PSIRT, Product security experience, Coordinated vulnerability disclosure function, FIRST PSIRT Services Framework v1.1, CNA operational experience, Deep knowledge of CNA Operational Rules v4.x, CVE scope definition, Root coordination knowledge, Deep familiarity with ISO/IEC 29147, Deep familiarity with ISO/IEC 30111, Familiarity with CERT/CC Guide to CVD, Familiarity with CISA Binding Operational Directive 20-01, Embedded/Firmware Security, Linux/Android Device Security, Cloud Security on AWS, Mobile/Web App Security, ML/CV Model Security, Fluent with CVSS v3.1/v4.0, Fluent with CWE classification, Fluent with EPSS, Fluent with SSVC frameworks, Exceptional written skills, Ability to obtain CJIS certification
Nice to Have
Experience shipping connected hardware
What You'll Do.
Coordinate vulnerability fixes
Coordinate security validation
Drive fixes to closure
Set public advisories
Reduce risk for devices
Reduce risk for customers
Assess security landscape
Establish stakeholder relationships
Define incident response matrix
Draft PSIRT operating plan
Complete CNA onboarding
Validate end-to-end workflow
Process identifier assignment
Establish tracking workflows
Establish documentation templates
Streamline logging findings
Streamline remediation findings
Streamline reporting findings
Automate logging findings
Automate remediation findings
Automate reporting findings
Manage response operations
Track time-to-disclose
Deliver performance updates
Execute public security advisories
How You'll Work.
Team & Collaboration
Cross-functional teams; Detection & Response team; Corporate Security; Engineering teams; Legal teams; Communications teams; Support teams; Hardware teams; Firmware teams; Device SRE teams; Cloud SRE teams; Mobile teams; ML teams; Customer Support teams
Communication Scope
Customer-facing advisories; CVE records; Internal postmortems; Executive summaries; Public security advisories
Process & Methodology
SLA management, Metrics tracking
Full Job Description
WHO IS FLOCK? Every community deserves to be safe, it’s a fundamental right. Our mission is simple - to build technology that reduces crime and protects privacy. Flock partners with cities, businesses, schools, and neighborhoods to help protect where people live, work, and play. Last year, Flock technology supported over 1 million criminal investigations. We've also helped solve approximately 20% of reported crimes in areas where we're deployed, and have played a role in locating more than 10,000 missing people. We are a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact. The work is fast-paced and the expectations are high. We push beyond perceived limits, support each other, and hold ourselves accountable to delivering results that matter. With over $1B in funding and an $8.3B valuation, we are scaling with intention and investing in the people who will help us build what others said could not be done. At Flock, you will find the opportunity to grow quickly, take on real responsibility, and contribute to something bigger than yourself. The Opportunity As a Staff Security Engineer, PSIRT Lead, you will stand up and run Flock's Security Incident Response Team (PSIRT) as the single point of accountability for every externally-reported and internally-discovered vulnerability that touches a Flock product. Coordinating with teams about fixes happens as much as coordinating with your security counterparts for security validation. You will be the operational owner of our newly established CNA, the technical owner of our Coordinated Vulnerability Disclosure (CVD) program, and the cross-functional coordinator who drives fixes to closure across Hardware, Firmware, Device SRE, Cloud SRE, Mobile, ML, Legal, Comms, and Customer Support. This is an individual contributor role with no direct reports. You will lead by influence across engineering, legal, communications, and support, setting the SLAs, the metrics, the playbooks, and the
Applying for this Staff Security Engineer, PSIRT role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about Flock?
Real rants from real employees. Read before you apply.