Lattice · 9 hours ago
Staff Product Security Engineer
Enterprise Applications · Human Resources
H1B Sponsor Likely
Responsibilities
Collaborate with engineering, product, and design teams to identify risks early and architect secure solutions for TypeScript-based applications (e.g., Next.js, NestJS).
Define and promote secure coding practices for modern web technologies, including REST and GraphQL APIs.
Advise & consult on the building & maintenance of security-focused libraries and reusable paved roads to prevent classes of vulnerabilities across teams.
Drive adoption of security tools (e.g., linters, SAST) and patterns that improve consistency, scalability, and developer productivity.
Lead threat modeling, targeted code reviews, and security assessments for critical product designs.
Partner with teams to triage, reproduce, and remediate vulnerabilities, providing guidance on root causes and secure alternatives.
Implement and scale automated tooling to identify common risks early in the development process.
Mentor and consult with product teams on security-by-design principles and secure development practices.
Assist in leading and scaling the Security Champions program, empowering engineers to embed security within their workflows.
Deliver tailored training and workshops to grow application security expertise across engineering.
Collaborate with designers and product managers to integrate security considerations from ideation to deployment.
Drive adoption of secure SDLC processes and tools to align engineering practices with security best practices.
Improve processes for tracking, triaging, and addressing security issues efficiently and transparently.
Ensure features involving authentication, authorization, and sensitive data meet high security standards.
Influence engineering and leadership teams to prioritize security initiatives that align with company goals.
Qualification
Required
Strong software development experience, ideally with modern web languages like TypeScript (or Python, Ruby, etc.), and a proven track record of securing production applications.
Experience securing modern APIs, including GraphQL, and implementing tools to automate vulnerability detection.
Deep understanding of secure coding practices and experience designing or reviewing web applications and APIs.
Ability to identify, reproduce, and remediate security vulnerabilities (e.g., OWASP Top 10, CWE).
Familiarity with security tools for static analysis, dependency management, and vulnerability detection.
Strong communication and collaboration skills—you can translate security concepts into actionable guidance for engineers.
Preferred
Familiarity with frameworks like Next.js and NestJS, with an understanding of their security implications.
Experience with complex authorization structures (RBAC, ABAC, custom roles & permissions).
Interest or experience in addressing privacy and security considerations for in-app AI feature development, including data protection, ethical AI usage, and risk mitigation strategies.
Experience designing or implementing application audit logs to support security monitoring, forensic investigations, and compliance needs.
Experience developing product security controls that align with compliance standards (e.g., SOC2, ISO 27001, GDPR, CCPA, HIPAA) and understanding their impact on product design.
Interest or experience in leveraging emerging tools, such as AI/LLMs, to automate security reviews and enhance code quality.
Benefits
Medical insurance
Dental insurance
Vision insurance
Life, AD&D, and Disability Insurance
Emergency Weather Support
Wellness Apps
Paid Parental Leave
Paid Time off inclusive of holidays and sick time
Commuter & Parking Accounts
Lunches in the Office
Workplace Amenities Stipend
Internet and Phone Stipend
One time WFH Office Set-Up Stipend
401(k) retirement plan
Financial Planning
Learning & Development Budget
Sabbatical Program
Invest in Your People Fund
Company
Lattice
Lattice is a people success platform that helps business leaders develop engaged, high-performing employees and winning cultures.
H1B Sponsorship
Lattice has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (1)
2022 (1)
2021 (3)
2020 (5)
Funding
Current Stage: Late Stage
Total Funding: $330.32M
Key Investors: Tiger Global Management, Shasta Ventures, Thrive Capital
2022-01-19 Series F · $175M
2021-03-23 Series E · $60M
2020-07-14 Series D · $45M
Company data provided by crunchbase