Product Security Engineer

Remote

Flock Safety

From creating safer neighborhoods to protecting employees and property, we help you deter and solve crime with tools customized and scaled to your needs.

View company page

Eliminate Crime. Build Community. 

Flock Safety provides a public safety operating system that empowers private communities and law enforcement to work together to eliminate crime. We are committed to protecting human privacy and mitigating bias in policing with the development of best-in-class technology rooted in ethical design, which unites civilians and public servants in pursuit of a safer, more equitable society. 

Our Safety-as-a-Service approach includes affordable devices powered by LTE and solar that can be installed anywhere.  Our technology detects and captures objective details, decodes evidence in real-time and delivers investigative leads into the hands of those who matter. 

While safety is a serious business, we are a supportive team that is optimizing the remote experience to create strong and fun relationships even when we are physically apart. Our flock of hard-working employees thrive in a positive and inclusive environment, where a bias towards action is rewarded. Flock Safety is headquartered in Atlanta and operates nationwide. We are well funded by Meritech Capital, Initialized Capital, YCombinator, Matrix Partners, BedRock Capital, and Founders Fund - and we're scaling quickly.

About the opportunity 

Flock Safety is looking to add a Product Security Engineer to our growing company. Today, Flock Safety has over 300 employees in 30+ states and is rapidly expanding. As a member of the Information Systems team this person will report to our Director of Information Security. The primary responsibilities include working directly with our hardware and software development teams to ensure we continue creating a product that prioritizes security, privacy and ethics. 

How You Will Take Flight With Flock

  • Perform and manage pentesting engagements and security reviews of Flock Safety’s products and services
  • Identify and fix security gaps and vulnerabilities through SAST, DAST, IAST, SCA, penetration testing, and code reviews
  • Create training, processes, and documentation to promote secure coding practices
  • Collaborate with our internal security team on building and implementing strong controls so that security incidents are less likely to happen
  • Partner with our internal security team to represent Flock Safety’s security practices and policies to customers
  • Engage with multiple product and infrastructure partners in discovering and remediating security problems that affect Flock Safety’s services
  • Assess and present security risk, solutions and tradeoffs that enables risk-based decision making with respect to our product and infrastructure security
  • Manage and implement fixes to remediate findings from the Flock Safety bug bounty program
  • Ensure end-to-end security of our product with hands-on testing, hypothesizing threats, helping development teams remediating risks upfront, and championing secure implementation efforts
  • Help Developers mitigate identified vulnerabilities by providing and/or helping to implementing technical solutions
  • Develop custom tools and automation that enable DevSecOps and SecOps.
  • Proactively research the latest vulnerabilities and exploits
  • Collaborate with product development and solution teams proactively to manage security risk aligned with business goals
  • Aid in instilling a culture of security in our remote-first work environment
  • Participate in an after-hours oncall rotation
  • Perform special projects and tasks as assigned by the Director of Information Security.

About You

  • Have 5+ years of hands-on technical work experience in security engineering at high growth technology companies
  • Demonstrated experience in programming languages (e.g. Typescript, Python, SQL, Groovy) and development tools (e.g. Terraform, Kubernetes, Jenkins)
  • Experience reviewing code in the languages listed above
  • Deep technical working knowledge of AWS, and their security tools (IAM, CloudTrail, GuardDuty, Inspector, etc.)
  • Ability to successfully integrate security into a developers world
  • Experience managing a bug bounty program
  • Deep knowledge and experience in using SAST, DAST, IAST, SCA, and fuzz testing tools
  • A strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
  • Strong understanding of secure coding standards and security risks e.g. OWASP Top 10.
  • Familiar with agile development processes and have experience integrating secure development practices into the agile model.
  • Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI).
  • Experience working with development, engineering, and architecture teams to ensure security best practices are followed.
  • Ability to communicate effectively utilizing critical thinking skills, the ability to learn new concepts, and problem-solving as they arise.
  • Have proven experience in shaping technical security strategies for complex problems and executing against them
  • Enjoy building productive relationships with other functional groups to promote a culture of security
  • Bias towards operational excellence with a strong attention to detail
  • Be excited about working on a fast-paced, constantly evolving product

 

Why join the Flock? 

When you join the Flock, you are joining a diverse team of passionate, ambitious, intelligent people that put team over self. We offer competitive salary (commensurate with experience), equity in the company, take what you need vacation policy, and the opportunity to grow your career at a fast-paced, high growth mission-driven startup. We genuinely care about the well-being of our employees both in and out of the office and understand the importance of work/life balance. We’d love for you to join us in the fight to eliminate crime, one community at a time.

Tags: Agile Automation AWS Cryptography DAST DevSecOps Exploits IAM Kubernetes OWASP Pentesting PKI Privacy Product security Python SAST SecOps SQL Terraform TLS TypeScript Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Flex vacation Startup environment

Region: Remote/Anywhere
Job stats:  22  3  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.