Key skills
AIMLLLMAWSAzureGCPMentoringCommunicationCollaboration
About this role
Harvey is transforming how legal and professional services operate with an innovative AI platform. As a Staff Software Engineer on the Product Security team, you will play a critical role in integrating security into the product lifecycle while mentoring engineers and leading security initiatives.
Responsibilities:
- Establish and evolve security posture across the engineering organization, setting standards that scale with the company
- Partner with Product Engineering, Infrastructure, and Platform teams to incorporate secure design principles at every stage of development
- Own and review security-critical code across key parts of the product, including authentication and access control
- Architect secure-by-default libraries and tools that make the secure path the easiest choice for developers
- Drive mitigation strategies during security-related incident responses, coordinating cross-functional efforts
- Mentor engineers and raise the security bar across teams through code reviews, design reviews, and technical guidance
Requirements:
- 8+ years of experience in product security, application security, offensive security, and/or security-focused software engineering
- Long track record of identifying and remediating software vulnerabilities, demonstrated through CVEs, bug bounty awards, published research, or prior work experience
- Demonstrated ability to lead cross-functional security initiatives and influence engineering teams without direct authority
- Experience mentoring engineers and raising the quality bar of software engineering teams on security practices
- Strong programming skills with demonstrated experience writing high-quality, production software
- Excellent communication and collaboration skills, particularly when translating security risks into business terms for non-security stakeholders
- Track record of leading complex cross-functional projects and delivering measurable security improvements
- Experience building security programs or practices at hyper-growth startups
- Background with cloud environments (Azure, GCP, AWS) and cloud-native security patterns
- Experience with AI/ML systems and emerging security considerations for LLM-based applications