Staff Security Engineer
Remote
Applications have closed
Lattice
Lattice is the people management platform that empowers people leaders to build engaged, high-performing teams, inspire winning cultures, and make strategic, data-driven business decisions.
About the Role
As part of Lattice's SRE team, you will focus on security and privacy engineering for components of our services with an emphasis on threats from all sources. You will collaborate with our product engineers to improve their development experience and the resiliency of our application code. Hopefully you are a humble expert with a sense of urgency. Our SRE team is looking for someone who is skilled at taking complex topics and making them simple, with a team focus and the ability to work in a matrixed organization.
Responsibilities
As our first dedicated Security Engineer, you will be responsible for establishing SecOps best practices as a new discipline for our engineering organization, identifying opportunities and obstacles to ensuring infrastructure and application security, and helping to define a roadmap for making the necessary investments. Success in this role includes charting the path forward for Lattice’s security needs throughout the SDLC. You’ll have a large amount of autonomy and an ability to make a significant impact in a successful, growing startup!
- Improve automation of product security testing
- Evaluate and implement new technologies, tools and programs that impact security and engineering
- Advise on the implementation of security related features in the product
- Review and enhance software development processes with stakeholders to address security and compliance requirements
- Interpret security tools and penetration testing results and describe issues and fixes to developers
- Provide vulnerability remediation guidance and mentoring to software engineers
- Support privacy impact analyses for new product features
- Develop company-wide security initiatives to discover security defects in source code, dependencies, and/or other artifacts
Qualifications
There’s no such thing as a perfect candidate. We expect you to possess some combination of the following:
- 9+ years of experience in application security or related fields
- Ability to communicate effectively with business stakeholders in explaining security topics clearly
- Experience with Cloud and virtualized technology in environments such as AWS or GCP
- Ability to explain vulnerabilities and weaknesses in the OWASP Top 10 to any audience, and be aware of effective defensive techniques
- Deep understanding of common web protocols and components (e.g. HTTP, Node.js, PostgreSQL)
- Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
- Familiarity with dynamic and static analysis tools
- Deep understanding of continuous integration / continuous deployment processes and tools
- Ability to interpret dynamic/static analysis tool and penetration test results and describe issues and fixes to non-security experts
About Lattice
Lattice is on a mission to build cultures where employees and their companies thrive 💪. In an age where employees have more choices than ever before, businesses that put employees first are winning 🏅 – and Lattice is building the tools to empower those people-centric companies. Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line 📈. Since launching in 2016, we have grown to over 4,200+ customers globally, including brands like Slack, Pinterest, Reddit, and Asana.
What else does Lattice have to offer? We’re so glad you asked! We invest in our people’s personal and professional growth because that sort of growth begets business impact and personal fulfillment 🤗. We believe in the value of continued learning investments 🤓 and reimbursements. We offer a competitive salary (including equity 💸) and our benefits are thoughtful. We believe that taking the time for you is important and have a flexible vacation/time-off policy to prove it. We even incorporated Lattice “Recharge Days” 🔋 to ensure you’re getting a break every month. Lattice has also implemented a 💻 remote-first hybrid model (team-dependent, you work from wherever makes you most comfortable). If that gets you excited, now is the perfect time to join; so bring your appetite for ownership and creation and help Lattice continue to grow! 🎉
Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.
Tags: Application security Automation AWS Cloud Compliance GCP IAM Node.js OpenID OWASP Pentesting PostgreSQL Privacy Product security SAML SDLC SecOps SSO Vulnerabilities
Perks/benefits: Career development Competitive pay Equity Flex vacation Startup environment