Degree, Inc.
Senior Product Security Engineer
Degree, Inc., Jackson, Mississippi, United States,
This is Engineering at LatticeLattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.
Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.
What You Will Do
Mentor and advise product development teams in the area of application security
Assist teams in reproducing, triaging, and addressing application security vulnerabilities
Assist in the implementation of security processes and automated tooling that prevent classes of security issues
Design and implement Typescript code libraries and patterns to improve application security
Perform security-focused code reviews
Work with infrastructure teams to ensure our systems are secure
Support the bug bounty program
Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
Lead application security reviews and threat modeling, including code review and dynamic testing
Help develop security training and socialize the material with product development teams
What You Will Bring to the TableExperience it’s important for you to have at some level:
Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
Familiarity with secure coding practices
Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
Strong understanding and experience with common security libraries, security controls, and common security flaws
Strong communication and collaboration skills
Experience that would be helpful:
Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
Familiarity with containerization (Docker, containerd, etc) and Kubernetes
Experience developing and operating cloud systems in AWS
Experience with GraphQL
#J-18808-Ljbffr
Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.
What You Will Do
Mentor and advise product development teams in the area of application security
Assist teams in reproducing, triaging, and addressing application security vulnerabilities
Assist in the implementation of security processes and automated tooling that prevent classes of security issues
Design and implement Typescript code libraries and patterns to improve application security
Perform security-focused code reviews
Work with infrastructure teams to ensure our systems are secure
Support the bug bounty program
Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
Lead application security reviews and threat modeling, including code review and dynamic testing
Help develop security training and socialize the material with product development teams
What You Will Bring to the TableExperience it’s important for you to have at some level:
Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
Familiarity with secure coding practices
Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
Strong understanding and experience with common security libraries, security controls, and common security flaws
Strong communication and collaboration skills
Experience that would be helpful:
Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
Familiarity with containerization (Docker, containerd, etc) and Kubernetes
Experience developing and operating cloud systems in AWS
Experience with GraphQL
#J-18808-Ljbffr