[Remote] Product Security Engineer

Note: The job is a remote job and is open to candidates in USA. Lattice is a company that builds software to help organizations thrive, focusing on maintainable systems and strong collaboration. The Product Security Engineer will work closely with engineering teams to enhance the security of applications and services, ensuring secure features and resilience in production. Responsibilities - Partner with engineers to identify, triage, and remediate security issues in product features and services - Participate in security reviews and threat modeling for new features and systems - Perform security-focused code reviews and help identify common vulnerabilities - Contribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stack - Help implement and operate security tooling (SAST, DAST, dependency scanning, etc.) - Support vulnerability management workflows, including internal findings and bug bounty reports - Assist in investigating security issues and assessing risk and impact - Collaborate with platform and infrastructure teams to improve application and cloud security posture - Contribute to improving security practices in AWS-based environments - Assist in identifying and mitigating risks in AI/LLM-powered features, including prompt injection, data leakage, and unsafe output handling - Apply emerging best practices (OWASP Top 10 for LLM Applications) to real product use cases - Contribute to security guidance, documentation, and training for engineering teams - Help improve how security is integrated into the development lifecycle Skills - 1–3+ years of experience in product security, application security, or software engineering - Experience writing and maintaining code in JavaScript/TypeScript (or similar languages like Python or Ruby) - Familiarity with common web and API vulnerabilities (e.g., OWASP Top 10) - Exposure to security testing tools (SAST, DAST, dependency scanning, etc.) - Experience working in or with cloud environments (AWS or similar) - Ability to identify common security risks and suggest practical mitigations - Understanding of secure coding practices and basic security controls - Strong communication skills and ability to work closely with engineering teams - Willingness to ask questions, learn quickly, and take ownership of well-scoped problems - Ability to contribute to team discussions and share security context effectively - Experience with modern web architectures (Next.js, NestJS, GraphQL) - Familiarity with containerization or Kubernetes - Experience or interest in AI/LLM security Benefits - Medical insurance - Dental insurance - Vision insurance - Life, AD&D, and Disability Insurance - Emergency Weather Support - Wellness Apps - Paid Parental Leave - Paid Time off inclusive of holidays and sick time - Commuter & Parking Accounts - Lunches in the Office - Internet and Phone Stipend - One time WFH Office Set-Up Stipend - 401(k) retirement plan - Financial Planning - Learning & Development Budget Company Overview - Lattice is a people success platform that help business leaders develop engaged, high-performing employees, and winning cultures. It was founded in 2015, and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is http://www.lattice.com.