Product Security Staff Engineer at Latch
Renting a home is the world's oldest subscription service. People spend thousands of dollars every month for an experience that is outdated, inconvenient, analog, impersonal, and leaves a lot to be desired. Latch is working to make every building better, and while we've methodically executed this mission since our founding with great success, we're just getting started.
Leveraging our knowledge from companies like Apple, BCG, and IDEO, we’ve rethought how people interact with space. Latch delivers a full-building operating system designed to help owners, residents, and third parties like guests, couriers, and service providers, seamlessly experience the modern building. We’ve done this by combining software, devices, and services into a holistic platform that make spaces more efficient, enjoyable, and profitable.
The next chapter of the Latch story will be our most exciting yet, and we’re looking for more talented team members to help fuel our growth.
Latch is seeking a Product Security Staff Engineer. This position will be primarily responsible for the development and management of product security requirements, architecture, design, testing, and appropriate documentation as guided by Latch product standards. They will work closely with development teams to build in security throughout the product life cycle and to test and verify the implemented controls.
They will interface with the Information Security team and application leaders to provide threat models, assessments, reporting, guidance, and assistance with remediation where applicable.
- Product security architecture, design, and engineering requirements and processes
- Embedded device security testing and review
- New product development security needs
- Product security parameters, features, and configuration policies.
- Product security testing (internal and external)
- Bounty Program bug report confirmation and triage /w remediation guidance
- Retesting/fix confirmation and approval
- Application security
- Code review / Coding best practices
- VRM process for libraries and third party code approval
- Development specific security training
- Product PKI Infrastructure design and key management processes
- Manufacturing security / Manufacturing security design
- Security aspects of product provisioning and configuration process
- Product Incident Response
- Product security monitoring
- Development environment security
- Jenkins/Bamboo/GitHub/BitBucket specific security concerns
- Bachelor's degree in Information Security, Computer Science, Information Systems Management, or related field from a 4 year college or university or demonstrated equivalent experience.
- Minimum of 3 years of embedded device security engineering or related experience, or an equivalent combination of experience with embedded systems or IoT security, web or mobile security, secure software development, cryptography, network security, or penetration testing
- Experience with public key cryptography architectures and management of x509 certificate based hierarchies, particularly through the use of hardware secure elements or hardware security modules.
- And understanding of network, web, and wireless protocols (such as TCP/IP, SSL/TLS, 802.11a-g, Zigbee, ZWave, NFC)
- Experience with some if not all of the following technologies:
- Embedded C
- AWS IoT (MQTT)
Founded in 2014, Latch now has 200+ team members working to reimagine modern buildings of today and drive evolution for the cities of tomorrow. Over half of our team members work in product development roles, and our team leverages established expertise in over 55 professional disciplines.
We offer unlimited Paid Time Off, a comprehensive benefits package, mental health support, and an environment where employees are surrounded by creative, empowered, and dynamic peers.
In conjunction with our core values: Contagious Determination, Humility, Trust, Inclusion, Action with Intent, and Privacy, we approach our work with care and a sense of duty, to make the world a better space.
Applicant Privacy Notice