Key skills
JavaScriptTypeScriptPythonRubyAILLMNext.jsNestJSGraphQLAWSKubernetesCommunicationOWASPCloud Security
About this role
Lattice is a company focused on building software that enhances employee and organizational growth. They are seeking a Product Security Engineer to collaborate with engineering teams to enhance the security of their applications and services, ensuring secure features and resilient operations.
Responsibilities:
- Partner with engineers to identify, triage, and remediate security issues in product features and services
- Participate in security reviews and threat modeling for new features and systems
- Perform security-focused code reviews and help identify common vulnerabilities
- Contribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stack
- Help implement and operate security tooling (SAST, DAST, dependency scanning, etc.)
- Support vulnerability management workflows, including internal findings and bug bounty reports
- Assist in investigating security issues and assessing risk and impact
- Collaborate with platform and infrastructure teams to improve application and cloud security posture
- Contribute to improving security practices in AWS-based environments
- Assist in identifying and mitigating risks in AI/LLM-powered features, including prompt injection, data leakage, and unsafe output handling
- Apply emerging best practices (OWASP Top 10 for LLM Applications) to real product use cases
- Contribute to security guidance, documentation, and training for engineering teams
- Help improve how security is integrated into the development lifecycle
Requirements:
- 1–3+ years of experience in product security, application security, or software engineering
- Experience writing and maintaining code in JavaScript/TypeScript (or similar languages like Python or Ruby)
- Familiarity with common web and API vulnerabilities (e.g., OWASP Top 10)
- Exposure to security testing tools (SAST, DAST, dependency scanning, etc.)
- Experience working in or with cloud environments (AWS or similar)
- Ability to identify common security risks and suggest practical mitigations
- Understanding of secure coding practices and basic security controls
- Interest in how security decisions impact real-world product systems
- Strong communication skills and ability to work closely with engineering teams
- Willingness to ask questions, learn quickly, and take ownership of well-scoped problems
- Ability to contribute to team discussions and share security context effectively
- Experience with modern web architectures (Next.js, NestJS, GraphQL)
- Familiarity with containerization or Kubernetes
- Experience or interest in AI/LLM security