Product Security Engineer

This is Engineering at LatticeAt Lattice, we build software that helps people and organizations thrive. Our engineering team values maintainable systems, strong collaboration, and thoughtful product experiences.As we expand AI-powered capabilities across our platform, security is a core part of how we design, build, and operate our product. Our Product Security team partners closely with engineering to ensure we ship features that are secure by default and resilient in production.What You Will DoYou will work closely with product and platform engineering teams to improve the security of Lattice’s applications and services.Product Security & Engineering PartnershipPartner with engineers to identify, triage, and remediate security issues in product features and servicesParticipate in security reviews and threat modeling for new features and systemsPerform security-focused code reviews and help identify common vulnerabilitiesContribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stackSecurity Tooling & OperationsHelp implement and operate security tooling (SAST, DAST, dependency scanning, etc.)Support vulnerability management workflows, including internal findings and bug bounty reportsAssist in investigating security issues and assessing risk and impactCloud & Platform SecurityCollaborate with platform and infrastructure teams to improve application and cloud security postureContribute to improving security practices in AWS-based environmentsAI/LLM SecurityAssist in identifying and mitigating risks in AI/LLM-powered features, including prompt injection, data leakage, and unsafe output handlingApply emerging best practices (OWASP Top 10 for LLM Applications) to real product use casesSecurity EnablementContribute to security guidance, documentation, and training for engineering teamsHelp improve how security is integrated into the development lifecycleWhat You Will Bring to the TableExperience that is important for you to have at some level:1–3+ years of experience in product security, application security, or software engineeringExperience writing and maintaining code in JavaScript/TypeScript (or similar languages like Python or Ruby)Familiarity with common web and API vulnerabilities (e.g., OWASP Top 10)Exposure to security testing tools (SAST, DAST, dependency scanning, etc.)Experience working in or with cloud environments (AWS or similar)Technical ApproachAbility to identify common security risks and suggest practical mitigationsUnderstanding of secure coding practices and basic security controlsInterest in how security decisions impact real-world product systemsCollaboration & GrowthStrong communication skills and ability to work closely with engineering teamsWillingness to ask questions, learn quickly, and take ownership of well-scoped problemsAbility to contribute to team discussions and share security context effectivelyExperience that would be nice to have:Experience with modern web architectures (Next.js, NestJS, GraphQL)Familiarity with containerization or KubernetesExperience or interest in AI/LLM security, includingLocation Requirement: This role is open to candidates located in British Columbia or Ontario, Canada. At this time, we are only able to hire employees residing in these provinces.----The estimated annual cash salary for this role is CAD $93,750 - CAD $125,000. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plansBenefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Life, AD&D, and Disability Insurance; Natural Disaster Support Program; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Working Remotely Stipend; One time WFH Office Set-Up Stipend; Retirement Plan; Financial Planning; and Learning & Development Budget.*Note on Pay Transparency:Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.About LatticeLattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning 🏅– and Lattice is building the tools to empower those people-centric companies. Lattice is a people success platform that offers perf