Staff Product Security Engineer

Flexera saves customers billions of dollars in wasted technology spend. A pioneer in Hybrid ITAM and FinOps, Flexera provides award-winning, data-oriented SaaS solutions for technology value optimization (TVO), enabling IT, finance, procurement and cloud teams to gain deep insights into cost optimization, compliance and risks for each business service. Flexera One solutions are built on a set of definitive customer, supplier and industry data, powered by our Technology Intelligence Platform, that enables organizations to visualize their Enterprise Technology Blueprint™ in hybrid environments—from on-premises to SaaS to containers to cloud. We’re transforming the software industry.  We’re Flexera.  With more than 50,000 customers across the world, we’re achieving that goal. But we know we can’t do any of that without our team.  Ready to help us re-imagine the industry during a time of substantial growth and ambitious plans?  Come and see why we’re consistently recognized by Gartner, Forrester and IDC as a category leader in the marketplace. Learn more at flexera.com Staff Security Engineer Information Security  ·  Senior Individual Contributor We are a SaaS and on-premises software company with four decades of product history and a customer base that spans regulated industries globally. We are looking for a Staff Security Engineer who will own the day-to-day execution of our security programme across three domains: Application Security, Vulnerability Management, and Governance & Compliance. This is a senior individual contributor role — you will set the pace, shape the practices, and be the person engineering teams turn to when they need security embedded into how they build. If you are the kind of person who finds building the programme from a mandate more satisfying Key Responsibilities Application Security Lead threat modelling and security design reviews across new and existing products Define and enforce security gates within CI/CD pipelines Conduct code and architecture reviews and deliver written findings to engineering teams Build and maintain developer security guidance, secure coding standards, and SDLC integration practices Vulnerability Management Own scanner configuration, tuning, and operational management (Qualys or equivalent) Triage and prioritise vulnerability findings across all products and infrastructure Define and enforce remediation SLAs in collaboration with engineering leads Maintain vulnerability metrics, dashboards, and executive-level reporting Escalate unresolved or high-risk findings with clear business impact framing Governance & Compliance Drive evidence collection and gap closure for ISO 27001, NIS2, and EU CRA Coordinate with internal and external auditors through audit cycles Respond to enterprise customer security questionnaires and due diligence requests Maintain compliance programme tracking against regulatory deadlines Contribute to security policies and standards where they directly support programme delivery Cross-Functional & Programme Coordinate work across contractors, interns, and engineering teams with clear written assignments and acceptance criteria Represent security in product and engineering forums — without requiring management escalation for routine decisions Identify and flag risk proactively; escalate with proposed mitigations, not just problems Contribute to the security roadmap and milestone planning in partnership with the Head of Information Security What We Are Looking For 10+ years of experience in security engineering or architecture Demonstrated ownership of vulnerability management or application security programs (end‑to‑end accountability, not partial contribution) Ability to make independent, defensible risk decisions Strong written communication skills, including clear work instructions for others Experience representing security to engineering leadership and external auditors Hands-on experience with vulnerability scanning tools (Qualys or equivalent) Practical knowledge of integrating security into the SDLC Working understanding of multiple compliance frameworks across different markets Proven ability to plan work, delegate clearly, and drive outcomes (not just activity) High autonomy—does not require step‑by‑step direction Comfortable operating in ambiguity and building structure where none exists Good to Have: Familiarity with Prisma Cloud, GitHub Advanced Security, or SBOM tooling Experience with ISO, EU Cyber Resilience Act (CRA), NIS2, or equivalent product security regulations Flexera is proud to be an equal opportunity employer.  Qualified applicants will be considered for open roles regardless of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by local/national laws, policies and/or regulations.  Flexera understands the value that results from employing a diverse, equitable, and inclusive workforce. We recognize that equity necessitates acknowledging past exclusion and that inclusion requires intentional effort. Our DEI (Diversity, Equity, and Inclusion) council is the driving force behind our commitment to championing policies and practices that foster a welcoming environment for all. We encourage candidates requiring accommodations to please let us know by emailing careers@flexera.com.