Key skills
JavaAIAWSAzureGCPK8sSDLCCI/CDCollaborationOWASP
About this role
Harness is the AI Software Delivery Platform company, led by technologist and entrepreneur Jyoti Bansal. The Staff Product Security Engineer is a senior individual contributor responsible for ensuring the continuous security of Harness customer-facing products and internal tools, focusing on proactive security measures and collaboration with engineering and product teams.
Responsibilities:
- Design and develop product security APIs, tools, and utilities for internal and external stakeholders
- Conduct threat modeling and secure design reviews for application backend services and business integrations
- Perform advanced penetration tests and adversarial attack simulations against Harness modules, APIs, and codebase using industry-standard frameworks
- Lead manual and automated code review efforts to discover vulnerabilities, weaknesses, and anti-patterns in the Harness platform
- Implement and operate security tooling including SAST, DAST, and SCA, and integrate these into CI/CD pipelines
- Consult and advise developers and Product Managers on security standards, vulnerability remediation, and security architecture
- Assess risks and trade-offs, and propose solutions for product security features such as authentication and authorization
- Participate in the creation, review, and implementation of technical security standards across global engineering teams
- Use the Harness platform to integrate security processes like vulnerability management into the SDLC
- Collaborate cross-functionally with Engineering and Product to accelerate the release of software with security by design
Requirements:
- BS in Computer Science or a related degree
- 5+ years of relevant industry experience with a strong security focus
- Solid experience with DevSecOps practices and secure SDLC methodologies
- Good working knowledge of cyber security frameworks including OWASP, SANS, NIST, and CIS
- Ability to describe software supply chain risks and Secure SDLC best practices
- Experience with public or private cloud environments such as K8s, AWS, GCP, or Azure
- Professional knowledge of enterprise applications, API development, and modern software delivery processes
- Previous experience in a cloud-native environment
- Proficiency in Java or a comparable language and object-oriented programming methodology
- Hands-on experience with security testing tools and vulnerability management workflows