Lattice · 12 hours ago
Staff Product Security Engineer
Maximize your interview chances
Enterprise ApplicationsHuman Resources
H1B Sponsor Likely
Insider Connection @Lattice
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Collaborate with engineering, product, and design teams to identify risks early and architect secure solutions for Typescript-based applications (e.g., Next.js, NestJS).
Define and promote secure coding practices for modern web technologies, including REST and GraphQL APIs.
Advise & consult on the building & maintenance of security-focused libraries and reusable paved roads to prevent classes of vulnerabilities across teams.
Drive adoption of security tools (e.g., linters, SAST) and patterns that improve consistency, scalability, and developer productivity.
Lead threat modeling, targeted code reviews, and security assessments for critical product designs.
Partner with teams to triage, reproduce, and remediate vulnerabilities, providing guidance on root causes and secure alternatives.
Implement and scale automated tooling to identify common risks early in the development process.
Mentor and consult with product teams on security-by-design principles and secure development practices.
Assist in leading and scaling the Security Champions program, empowering engineers to embed security within their workflows.
Deliver tailored training and workshops to grow application security expertise across engineering.
Collaborate with designers and product managers to integrate security considerations from ideation to deployment.
Drive adoption of secure SDLC processes and tools to align engineering practices with security best practices.
Improve processes for tracking, triaging, and addressing security issues efficiently and transparently.
Ensure features involving authentication, authorization, and sensitive data meet high security standards.
Influence engineering and leadership teams to prioritize security initiatives that align with company goals.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Strong software development experience, ideally with modern web languages like Typescript (or Python, Ruby, etc.), and a proven track record of securing production applications.
Experience securing modern APIs, including GraphQL, and implementing tools to automate vulnerability detection.
Deep understanding of secure coding practices and experience designing or reviewing web applications and APIs.
Ability to identify, reproduce, and remediate security vulnerabilities (e.g., OWASP Top 10, CWE).
Familiarity with security tools for static analysis, dependency management, and vulnerability detection.
Strong communication and collaboration skills—you can translate security concepts into actionable guidance for engineers.
Preferred
Familiarity with frameworks like Next.js and NestJS, with an understanding of their security implications.
Experience with complex authorization structures (RBAC, ABAC, custom roles & permissions).
Interest or experience in addressing privacy and security considerations for in-app AI feature development, including data protection, ethical AI usage, and risk mitigation strategies.
Experience designing or implementing application audit logs to support security monitoring, forensic investigations, and compliance needs.
Experience developing product security controls that align with compliance standards (e.g., SOC2, ISO 27001, GDPR, CCPA, HIPAA) and understanding their impact on product design.
Interest or experience in leveraging emerging tools, such as AI/LLMs, to automate security reviews and enhance code quality.
Benefits
Medical insurance
Dental insurance
Vision insurance
Life, AD&D, and Disability Insurance
Emergency Weather Support
Wellness Apps
Paid Parental Leave
Paid Time off inclusive of holidays and sick time
Commuter & Parking Accounts
Lunches in the Office
Workplace Amenities Stipend
Internet and Phone Stipend
One time WFH Office Set-Up Stipend
401(k) retirement plan
Financial Planning
Learning & Development Budget
Sabbatical Program
Invest in Your People Fund
Company
Lattice
Lattice is a people success platform that help business leaders develop engaged, high-performing employees, and winning cultures.
H1B Sponsorship
Lattice has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (1)
2022 (1)
2021 (3)
2020 (5)
Funding
Current Stage
Late StageTotal Funding
$330.32MKey Investors
Tiger Global ManagementShasta VenturesThrive Capital
2022-01-19Series F· $175M
2021-03-23Series E· $60M
2020-07-14Series D· $45M
Recent News
2024-12-11
2024-11-08
Company data provided by crunchbase