Staff Product Security Engineer

US-Remote

Lattice

More than 5,000 strategic HR teams run performance reviews, manage employee information, capture team sentiment, and align company priorities with Lattice.


This is Engineering at Lattice

Lattice’s Engineering team is continuously improving both our product and our craft. We use a modern tech stack and love experimenting with new technologies, striving for maintainable, robust, and performant code. We’re highly collaborative, iterative, and work closely with designers and product managers to deliver not just great technical architecture but also an exceptional product experience.

We’re looking for a Staff Product Security Engineer to partner with product teams in ensuring our applications are secure by design. You’ll provide technical leadership to shape security architecture, define secure coding practices, and prevent vulnerabilities early in the software development lifecycle.

In this role, you’ll deliver secure development libraries and tools, conduct targeted reviews and threat models, and enable teams through education and mentorship. You’ll also scale security knowledge across engineering while improving the systems and processes that make building secure products easier.

What You Will Do

Secure the Development Lifecycle

  • Collaborate with engineering, product, and design teams to identify risks early and architect secure solutions for TypeScript-based applications (e.g., Next.js, NestJS).
  • Define and promote secure coding practices for modern web technologies, including REST and GraphQL APIs.
  • Advise and consult on building and maintaining security-focused libraries and reusable paved roads to prevent classes of vulnerabilities across teams.
  • Drive adoption of security tools (e.g., linters, SAST) and patterns that improve consistency, scalability, and developer productivity.

Proactively Prevent and Address Security Risks

  • Lead threat modeling, targeted code reviews, and security assessments for critical product designs.
  • Partner with teams to triage, reproduce, and remediate vulnerabilities, providing guidance on root causes and secure alternatives.
  • Implement and scale automated tooling to identify common risks early in the development process.

Enable Teams to Build Securely

  • Mentor and consult with product teams on security-by-design principles and secure development practices.
  • Assist in leading and scaling the Security Champions program, empowering engineers to embed security within their workflows.
  • Deliver tailored training and workshops to grow application security expertise across engineering.
  • Collaborate with designers and product managers to integrate security considerations from ideation to deployment.

Scale Security Across the Organization

  • Drive adoption of secure SDLC processes and tools to align engineering practices with security best practices.
  • Improve processes for tracking, triaging, and addressing security issues efficiently and transparently.
  • Ensure features involving authentication, authorization, and sensitive data meet high security standards.
  • Influence engineering and leadership teams to prioritize security initiatives that align with company goals.

What You Will Bring to the Table

Core Skills & Experience

  • Strong software development experience, ideally with modern web languages like TypeScript (or Python, Ruby, etc.), and a proven track record of securing production applications.
  • Experience securing modern APIs, including GraphQL, and implementing tools to automate vulnerability detection.
  • Deep understanding of secure coding practices and experience designing or reviewing web applications and APIs.
  • Ability to identify, reproduce, and remediate security vulnerabilities (e.g., OWASP Top 10, CWE).
  • Familiarity with security tools for static analysis, dependency management, and vulnerability detection.
  • Strong communication and collaboration skills—you can translate security concepts into actionable guidance for engineers.

Bonus Points

  • Familiarity with frameworks like Next.js and NestJS, with an understanding of their security implications.
  • Experience with complex authorization structures (RBAC, ABAC, custom roles & permissions).
  • Interest or experience in addressing privacy and security considerations for in-app AI feature development, including data protection, ethical AI usage, and risk mitigation strategies.
  • Experience designing or implementing application audit logs to support security monitoring, forensic investigations, and compliance needs.
  • Experience developing product security controls that align with compliance standards (e.g., SOC2, ISO 27001, GDPR, CCPA, HIPAA) and understanding their impact on product design.
  • Interest or experience in leveraging emerging tools, such as AI/LLMs, to automate security reviews and enhance code quality.

------

The estimated annual cash salary for this role is $195,000 - $244,000. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans.

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave; Paid Time Off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend; Internet and Phone Stipend; One-time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund.

Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.


About Lattice

Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning 🏅 – and Lattice is building the tools to empower those people-centric companies.

Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line 📈. Since launching in 2016, we have grown to over 5,000 customers globally, including brands like Slack, Robinhood, and Gusto.

Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer, committed to a community of inclusion and an environment free from discrimination, harassment, and retaliation.

By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.


Tags: APIs Application security C CCPA Compliance GDPR HIPAA ISO 27001 LLMs Monitoring OWASP Privacy Product security Python Ruby SAST SDLC Security assessment SOC 2 TypeScript Vulnerabilities

Perks/benefits: Career development Equity / stock options Health care Insurance Lunch / meals Medical leave Paid sabbatical Parental leave Salary bonus Startup environment Transparency Wellness

Regions: Remote/Anywhere North America
Country: United States
