Senior Application Security Engineer
2024-10-27
USA
Lattice
This is Engineering at Lattice
Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.
Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.
What You Will Do
Mentor and advise product development teams in the area of application security
Assist teams in reproducing, triaging, and addressing application security vulnerabilities
Assist in the implementation of security processes and automated tooling that prevent classes of security issues
Design and implement Typescript code libraries and patterns to improve application security
Perform security-focused code reviews
Work with infrastructure teams to ensure our systems are secure
Support the bug bounty program
Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
Lead application security reviews and threat modeling, including code review and dynamic testing
Help develop security training and socialize the material with product development teams
What You Will Bring to the Table
Experience it’s important for you to have at some level:
Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
Familiarity with secure coding practices
Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
Strong understanding and experience with common security libraries, security controls, and common security flaws
Strong communication and collaboration skills
Experience that would be helpful:
Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
Familiarity with containerization (Docker, containerd, etc) and Kubernetes
Experience developing and operating cloud systems in AWS
Experience with GraphQL
----
The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans
Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund
*Note on Pay Transparency:
Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.
Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.
#LI-remoteAbout Lattice
Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning – and Lattice is building the tools to empower those people-centric companies.
Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line . Since launching in 2016, we have grown to over 5,000+ customers globally, including brands like Slack, Robinhood, and Gusto.
Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.
By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.
Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.
Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.
What You Will Do
Mentor and advise product development teams in the area of application security
Assist teams in reproducing, triaging, and addressing application security vulnerabilities
Assist in the implementation of security processes and automated tooling that prevent classes of security issues
Design and implement Typescript code libraries and patterns to improve application security
Perform security-focused code reviews
Work with infrastructure teams to ensure our systems are secure
Support the bug bounty program
Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
Lead application security reviews and threat modeling, including code review and dynamic testing
Help develop security training and socialize the material with product development teams
What You Will Bring to the Table
Experience it’s important for you to have at some level:
Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
Familiarity with secure coding practices
Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
Strong understanding and experience with common security libraries, security controls, and common security flaws
Strong communication and collaboration skills
Experience that would be helpful:
Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
Familiarity with containerization (Docker, containerd, etc) and Kubernetes
Experience developing and operating cloud systems in AWS
Experience with GraphQL
----
The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans
Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund
*Note on Pay Transparency:
Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.
Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.
#LI-remoteAbout Lattice
Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning – and Lattice is building the tools to empower those people-centric companies.
Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line . Since launching in 2016, we have grown to over 5,000+ customers globally, including brands like Slack, Robinhood, and Gusto.
Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.
By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.