Lead Security Engineer

San Francisco, CA

About Lattice

Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choice than ever before, businesses that put employees first are winning – and Lattice is building the tools to empower those people centric companies. Lattice is a people management platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line. Since launching in 2016 we have grown to over 2,750+ customers globally, including brands like Slack, Pinterest, Reddit, and Asana.

We’re a small and impactful team of software engineers continuously working to improve our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies to create our products. We work highly cross-functionally in partnership with our Sales, Customer Success, Product and Design teams to shape the product we support.

Job overview

As part of Lattice's SRE team, you will focus on security and privacy engineering for components of our services with an emphasis on threats from all sources.  You will collaborate with our product engineers to improve their development experience and the resiliency of our application code. Hopefully you are someone who is a humble expert with a sense of urgency.  Our SRE team is really looking for someone that is skilled at taking complex topics and making them simple paired with a team focus and ability to work in a matrixed organization.  

What you'll do

As our first Lead Security Engineer, you will be responsible for establishing SecOps best practices as a new discipline for our engineering organization, identifying opportunities and obstacles to ensuring infrastructure and application security, and defining our roadmap for making the necessary investments. Success in this role includes charting the path forward for Lattice’s security needs throughout the SDLC. You’ll have a large amount of autonomy and an ability to make a significant impact in a successful, growing startup!

• Improve automation of product security testing
• Evaluation and implementation of new technologies, tools and programs that impact security and engineering
• Help implementing security related features into the product
• Review and alter software development processes with stakeholders to address security and compliance requirements
• Interpret security tools and penetration testing results and describe issues and fixes to developers
• Provide vulnerability remediation guidance and mentoring to software engineers
• Support privacy impact analyses for new product features
• Develop company wide security projects to discover security defects in source code, dependencies, and/or other artifacts

Qualifications

There’s no such thing as a perfect candidate. We expect you to possess some combination of the following:

• 5+ years of experience in application security or related fields
• Ability to communicate effectively with business representatives in explaining security topics clearly
• Experience with Cloud and virtualized technology in environments such as AWS or GCP
• Ability to explain vulnerabilities and weaknesses in the OWASP Top 10 to any audience, and be aware of effective defensive techniques
• Deep understanding of common web protocols and components (node.js, databases)
• Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
• Familiarity with dynamic and static analysis tools
• Deep understanding of continuous integration / continuous deployment processes and tools
• Ability to interpret dynamic/static analysis tools, and penetration test results and describe issues and fixes to non-security experts

Why Lattice



We are rapidly growing across multiple dimensions, including our customer base, the scope of products we offer, and the size of the engineering team. Now is the opportune time for a strong candidate to join, take on outsized ownership, and continue to grow with us.

• We invest in the personal and professional growth of every employee because we believe growth leads to both business impact and personal fulfillment
• The opportunity to join an experienced and ambitious team that is passionate about solving customers’ needs and loves coming to work every day
• Partner with 2,750+ companies around the world to make sure their employees are engaged and performing at a high level
• A culture that encourages and promotes professional growth and development, with continuous learning reimbursements
• Competitive salary, equity, and benefits
• Hybrid work model with a mix of work from home and centrally located office
• Flexible vacation/time-off policy

---

Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.