Staff Security Engineer

Remote

Applications have closed

Lattice

Lattice is the people management platform that empowers people leaders to build engaged, high-performing teams, inspire winning cultures, and make strategic, data-driven business decisions.

About the Role

As part of Lattice's SRE team, you will focus on security and privacy engineering for components of our services with an emphasis on threats from all sources. You will collaborate with our product engineers to improve their development experience and the resiliency of our application code. Hopefully you are someone who is a humble expert with a sense of urgency. Our SRE team is really looking for someone who is skilled at taking complex topics and making them simple, paired with a team focus and the ability to work in a matrixed organization.

Responsibilities  

As our first dedicated Security Engineer, you will be responsible for establishing SecOps best practices as a new discipline for our engineering organization, identifying opportunities and obstacles to ensuring infrastructure and application security, and helping to define a roadmap for making the necessary investments. Success in this role includes charting the path forward for Lattice’s security needs throughout the SDLC. You’ll have a large amount of autonomy and an ability to make a significant impact in a successful, growing startup!

  • Improve automation of product security testing
  • Evaluate and implement new technologies, tools and programs that impact security and engineering
  • Advise on the implementation of security related features in the product
  • Review and enhance software development processes with stakeholders to address security and compliance requirements
  • Interpret security tools and penetration testing results and describe issues and fixes to developers
  • Provide vulnerability remediation guidance and mentoring to software engineers
  • Support privacy impact analyses for new product features
  • Develop company-wide security initiatives to discover security defects in source code, dependencies, and/or other artifacts

Qualifications 

There’s no such thing as a perfect candidate. We expect you to possess some combination of the following:

  • 9+ years of experience in application security or related fields
  • Ability to communicate effectively with business stakeholders in explaining security topics clearly
  • Experience with Cloud and virtualized technology in environments such as AWS or GCP
  • Ability to explain vulnerabilities and weaknesses in the OWASP Top 10 to any audience, and be aware of effective defensive techniques
  • Deep understanding of common web protocols and components (e.g. HTTP, Node.js, PostgreSQL)
  • Deep understanding of authentication protocols and frameworks, including OAuth, OpenID, SSO/SAML, and AWS IAM
  • Familiarity with dynamic and static analysis tools
  • Deep understanding of continuous integration / continuous deployment processes and tools
  • Ability to interpret dynamic/static analysis tools and penetration test results, and describe issues and fixes to non-security experts

About Lattice

Lattice is on a mission to build cultures where employees and their companies thrive 💪. In an age where employees have more choices than ever before, businesses that put employees first are winning 🏅 – and Lattice is building the tools to empower those people-centric companies. Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line 📈. Since launching in 2016, we have grown to over 4,200 customers globally, including brands like Slack, Pinterest, Reddit, and Asana.


What else does Lattice have to offer? We’re so glad you asked! We invest in our people’s personal and professional growth because that sort of growth begets business impact and personal fulfillment 🤗. We believe in the value of continued learning investments 🤓 and reimbursements. We offer a competitive salary (including equity 💸) and our benefits are thoughtful. We believe that taking the time for you is important and have a flexible vacation/time-off policy to prove it. We even incorporated Lattice “Recharge Days” 🔋 to ensure you’re getting a break every month. Lattice has also implemented a 💻 remote-first hybrid model (team-dependent, you work from wherever makes you most comfortable). If that gets you excited, now is the perfect time to join; so bring your appetite for ownership and creation and help Lattice continue to grow! 🎉

Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer, committed to a community of inclusion and an environment free from discrimination, harassment, and retaliation.

By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.

Tags: Application security Automation AWS Cloud Compliance GCP IAM Node.js OpenID OWASP Pentesting PostgreSQL Privacy Product security SAML SDLC SecOps SSO Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Flex vacation Startup environment

Region: Remote/Anywhere