Product Security Engineer

This is Engineering at Lattice

At Lattice, we build software that helps people and organizations thrive. Our engineering team values maintainable systems, strong collaboration, and thoughtful product experiences.

As we expand AI-powered capabilities across our platform, security is a core part of how we design, build, and operate our product. Our Product Security team partners closely with engineering to ensure we ship features that are secure by default and resilient in production.

What You Will Do

You will work closely with product and platform engineering teams to improve the security of Lattice’s applications and services.

Product Security & Engineering Partnership

• Partner with engineers to identify, triage, and remediate security issues in product features and services
• Participate in security reviews and threat modeling for new features and systems
• Perform security-focused code reviews and help identify common vulnerabilities
• Contribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stack

Security Tooling & Operations

• Help implement and operate security tooling (SAST, DAST, dependency scanning, etc.)
• Support vulnerability management workflows, including internal findings and bug bounty reports
• Assist in investigating security issues and assessing risk and impact

Cloud & Platform Security

• Collaborate with platform and infrastructure teams to improve application and cloud security posture
• Contribute to improving security practices in AWS-based environments

AI/LLM Security

• Assist in identifying and mitigating risks in AI/LLM-powered features, including prompt injection, data leakage, and unsafe output handling
• Apply emerging best practices (OWASP Top 10 for LLM Applications) to real product use cases

Security Enablement

• • Contribute to security guidance, documentation, and training for engineering teams
  • Help improve how security is integrated into the development lifecycle

What You Will Bring to the Table

Experience that is important for you to have at some level:

• 1–3+ years of experience in product security, application security, or software engineering
• Experience writing and maintaining code in JavaScript/TypeScript (or similar languages like Python or Ruby)
• Familiarity with common web and API vulnerabilities (e.g., OWASP Top 10)
• Exposure to security testing tools (SAST, DAST, dependency scanning, etc.)
• Experience working in or with cloud environments (AWS or similar)

Technical Approach

• Ability to identify common security risks and suggest practical mitigations
• Understanding of secure coding practices and basic security controls
• Interest in how security decisions impact real-world product systems

Collaboration & Growth

• Strong communication skills and ability to work closely with engineering teams
• Willingness to ask questions, learn quickly, and take ownership of well-scoped problems
• Ability to contribute to team discussions and share security context effectively

Experience that would be nice to have:

• Experience with modern web architectures (Next.js, NestJS, GraphQL)
• Familiarity with containerization or Kubernetes
• Experience or interest in AI/LLM security, including

Location Requirement:
This role is open to candidates located in British Columbia or Ontario, Canada. At this time, we are only able to hire employees residing in these provinces.

----

The estimated annual cash salary for this role is CAD $93,750 - CA