Staff Product Security Engineer

Lattice • USA

Company: Lattice

Location: USA

Type: Full Time

Job Description

This is Engineering at Lattice

Lattice’s Engineering team is continuously improving both our product and our craft. We use a modern tech stack and love experimenting with new technologies, striving for maintainable, robust, and performant code. We’re highly collaborative, iterative, and work closely with designers and product managers to deliver not just great technical architecture, but also an exceptional product experience.

We’re looking for a Staff Product Security Engineer to partner with product teams in ensuring our applications are secure by design. You’ll provide technical leadership to shape security architecture, define secure coding practices, and prevent vulnerabilities early in the software development lifecycle.

In this role, you’ll deliver secure development libraries and tools, conduct targeted reviews and threat models, and enable teams through education and mentorship. You’ll also scale security knowledge across engineering while improving the systems and processes that make building secure products easier.

What You Will Do

Secure the Development Lifecycle

  • Collaborate with engineering, product, and design teams to identify risks early and architect secure solutions for TypeScript-based applications (e.g., Next.js, NestJS).

  • Define and promote secure coding practices for modern web technologies, including REST and GraphQL APIs.

  • Advise & consult on the building & maintenance of security-focused libraries and reusable paved roads to prevent classes of vulnerabilities across teams.

  • Drive adoption of security tools (e.g., linters, SAST) and patterns that improve consistency, scalability, and developer productivity.

Proactively Prevent and Address Security Risks

  • Lead threat modeling, targeted code reviews, and security assessments for critical product designs.

  • Partner with teams to triage, reproduce, and remediate vulnerabilities, providing guidance on root causes and secure alternatives.

  • Implement and scale automated tooling to identify common risks early in the development process.

Enable Teams to Build Securely

  • Mentor and consult with product teams on security-by-design principles and secure development practices.

  • Assist in leading and scaling the Security Champions program, empowering engineers to embed security within their workflows.

  • Deliver tailored training and workshops to grow application security expertise across engineering.

  • Collaborate with designers and product managers to integrate security considerations from ideation to deployment.

Scale Security Across the Organization

  • Drive adoption of secure SDLC processes and tools to align engineering practices with security best practices.

  • Improve processes for tracking, triaging, and addressing security issues efficiently and transparently.

  • Ensure features involving authentication, authorization, and sensitive data meet high security standards.

  • Influence engineering and leadership teams to prioritize security initiatives that align with company goals.

What You Will Bring to the Table

Core Skills & Experience

  • Strong software development experience, ideally with modern web languages like TypeScript (or Python, Ruby, etc.), and a proven track record of securing production applications.

  • Experience securing modern APIs, including GraphQL, and implementing tools to automate vulnerability detection.

  • Deep understanding of secure coding practices and experience designing or reviewing web applications and APIs.

  • Ability to identify, reproduce, and remediate security vulnerabilities (e.g., OWASP Top 10, CWE).

  • Familiarity with security tools for static analysis, dependency management, and vulnerability detection.

  • Strong communication and collaboration skills—you can translate security concepts into actionable guidance for engineers.

Bonus Points

  • Familiarity with frameworks like Next.js and NestJS, with an understanding of their security implications.

  • Experience with complex authorization structures (RBAC, ABAC, custom roles & permissions).

  • Interest or experience in addressing privacy and security considerations for in-app AI feature development, including data protection, ethical AI usage, and risk mitigation strategies.

  • Experience designing or implementing application audit logs to support security monitoring, forensic investigations, and compliance needs.

  • Experience developing product security controls that align with compliance standards (e.g., SOC2, ISO 27001, GDPR, CCPA, HIPAA) and understanding their impact on product design.

  • Interest or experience in leveraging emerging tools, such as AI/LLMs, to automate security reviews and enhance code quality.

------

The estimated annual cash salary for this role is $195,000 - $244,000. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans.

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave; Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend; Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund.

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired, as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.

Date Posted

12/23/2024
