Principal / Sr. Staff Security Engineer

This is Engineering at Lattice

Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.

Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will be a leader on our security engineering team, with the opportunity to work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: heads-down coding, reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, and triaging bugs to understand their risks and remediations. As a leader on the team, you will also be involved in deciding how work is done and what tools and processes are appropriate, as well as guiding and mentoring other team members.

What You Will Do

• Mentor and advise product development teams in the area of application security
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Assist in implementation of security processes and automated tooling that prevent classes of security issues
• Design and implement Typescript code libraries and patterns to improve application security
• Perform security-focused code reviews
• Work with infrastructure teams to ensure our systems are secure, which includes writing Terraform code and reviewing/implementing AWS cloud security changes
• Support the bug bounty program
• Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Develop security training and socialize the material with product development teams

What You Will Bring to the Table

Experience it’s important for you to have at some level:

• Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
• Familiarity with secure coding practices
• Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
• Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
• Strong understanding and experience with common security libraries, security controls, and common security flaws
• Strong communication and collaboration skills

Experience that would be helpful:

• Familiarity with containerization (Docker, containerd, etc) and Kubernetes
• Experience developing and operating cloud systems in AWS
• Experience with GraphQL

#LI-remote

The estimated annual cash salary for this role is $254,323 - $338,603. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.