Lattice
Senior Product Security Engineer
Lattice, New York, New York, US, 10261
This is Engineering at Lattice
Lattice's Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We're highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.
Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.
What You Will Do
- Mentor and advise product development teams in the area of application security
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities
- Assist in the implementation of security processes and automated tooling that prevent classes of security issues
- Design and implement TypeScript code libraries and patterns to improve application security
- Perform security-focused code reviews
- Work with infrastructure teams to ensure our systems are secure
- Support the bug bounty program
- Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
- Lead application security reviews and threat modeling, including code review and dynamic testing
- Help develop security training and socialize the material with product development teams
What You Will Bring to the Table
Experience it's important for you to have at some level:
- Software development experience, ideally with JavaScript/TypeScript, or another programming language such as Python or Ruby
- Familiarity with secure coding practices
- Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
- Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
- Strong understanding and experience with common security libraries, security controls, and common security flaws
- Strong communication and collaboration skills
Experience that would be helpful:
- Familiarity with AI/LLMs for enhancing code quality and automating security analysis
- Familiarity with containerization (Docker, containerd, etc.) and Kubernetes
- Experience developing and operating cloud systems in AWS
- Experience with GraphQL
The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice's applicable plans.
Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund.
*Note on Pay Transparency:
Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.
Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.
About Lattice
Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning - and Lattice is building the tools to empower those people-centric companies.
Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement - yielding stronger employee retention, performance, and impact to the bottom line. Since launching in 2016, we have grown to 5,000+ customers globally, including brands like Slack, Robinhood, and Gusto.
Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.
By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.