Staff Product Security Engineer

Summary

Join Lattice's Engineering team as a Staff Product Security Engineer and partner with product teams to ensure application security. You will provide technical leadership in shaping security architecture, defining secure coding practices, and preventing vulnerabilities. Responsibilities include delivering secure development libraries and tools, conducting reviews and threat models, and enabling teams through education and mentorship. You will scale security knowledge across engineering and improve processes for building secure products. The role requires strong software development experience, particularly with modern web languages and securing production applications. A deep understanding of secure coding practices and vulnerability remediation is essential.

Requirements

• Strong software development experience, ideally with modern web languages like Typescript (or Python, Ruby, etc.), and a proven track record of securing production applications
• Experience securing modern APIs, including GraphQL, and implementing tools to automate vulnerability detection
• Deep understanding of secure coding practices and experience designing or reviewing web applications and APIs
• Ability to identify, reproduce, and remediate security vulnerabilities (e.g., OWASP Top 10, CWE)
• Familiarity with security tools for static analysis, dependency management, and vulnerability detection
• Strong communication and collaboration skills—you can translate security concepts into actionable guidance for engineers

Responsibilities

• Collaborate with engineering, product, and design teams to identify risks early and architect secure solutions for Typescript-based applications (e.g., Next.js, NestJS)
• Define and promote secure coding practices for modern web technologies, including REST and GraphQL APIs
• Advise & consult on the building & maintenance of security-focused libraries and reusable paved roads to prevent classes of vulnerabilities across teams
• Drive adoption of security tools (e.g., linters, SAST) and patterns that improve consistency, scalability, and developer productivity
• Lead threat modeling, targeted code reviews, and security assessments for critical product designs
• Partner with teams to triage, reproduce, and remediate vulnerabilities, providing guidance on root causes and secure alternatives
• Implement and scale automated tooling to identify common risks early in the development process
• Mentor and consult with product teams on security-by-design principles and secure development practices
• Assist in leading and scaling the Security Champions program, empowering engineers to embed security within their workflows
• Deliver tailored training and workshops to grow application security expertise across engineering
• Collaborate with designers and product managers to integrate security considerations from ideation to deployment
• Drive adoption of secure SDLC processes and tools to align engineering practices with security best practices
• Improve processes for tracking, triaging, and addressing security issues efficiently and transparently
• Ensure features involving authentication, authorization, and sensitive data meet high security standards
• Influence engineering and leadership teams to prioritize security initiatives that align with company goals

Preferred Qualifications

• Familiarity with frameworks like Next.js and NestJS, with an understanding of their security implications
• Experience with complex authorization structures (RBAC, ABAC, custom roles & permissions)
• Interest or experience in addressing privacy and security considerations for in-app AI feature development, including data protection, ethical AI usage, and risk mitigation strategies
• Experience designing or implementing application audit logs to support security monitoring, forensic investigations, and compliance needs
• Experience developing product security controls that align with compliance standards (e.g., SOC2, ISO 27001, GDPR, CCPA, HIPAA) and understanding their impact on product design
• Interest or experience in leveraging emerging tools, such as AI/LLMs, to automate security reviews and enhance code quality

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• Life, AD&D, and Disability Insurance
• Emergency Weather Support
• Wellness Apps
• Paid Parental Leave
• Paid Time off inclusive of holidays and sick time
• Commuter & Parking Accounts
• Lunches in the Office
• Workplace Amenities Stipend
• Internet and Phone Stipend
• One time WFH Office Set-Up Stipend
• 401(k) retirement plan
• Financial Planning
• Learning & Development Budget
• Sabbatical Program
• Invest in Your People Fund
• Incentive stock options