5 days ago

Staff Security Research Engineer

Harness

Hybrid
Full Time
$188,000

Job Overview

Job Title: Staff Security Research Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $188,000
Location: Hybrid

Job Description

About Harness

Harness is the AI Software Delivery Platform company, led by technologist and entrepreneur Jyoti Bansal (founder of AppDynamics, acquired by Cisco for $3.7B). Harness has raised approximately $570M in funding and is valued at $5.5B, backed by leading investors including Goldman Sachs, Menlo Ventures, IVP, Unusual Ventures, Citi Ventures, and more. As AI accelerates code creation, the real bottleneck has shifted to everything after the code – testing, deployments, application security, reliability, compliance, and cost optimization. Harness brings AI and automation to this “outer loop,” helping teams ship software faster while maintaining security and governance throughout the entire software delivery lifecycle.

Powered by Harness AI and the Software Delivery Knowledge Graph, the Harness Platform applies deep context and intelligent automation across the software delivery lifecycle with governance and policy-driven controls embedded throughout the platform.

Over the past year, Harness powered over 185M deployments, 82M builds, 18T flag evaluations, 8M security scans, 9.1B optimized tests, 3T protected API calls, and helped manage $2.8B in cloud spend — enabling customers like United Airlines, Morningstar, and Choice Hotels to accelerate releases by up to 75%, reduce cloud costs by up to 60%, and achieve 10x DevOps efficiency.

With a global team across 14 offices and 25 countries, Harness is shaping the future of AI software delivery — and we’re looking for exceptional talent to help us move even faster.

Position Summary

Harness is expanding into DevSecOps with the integration of Traceable, and we're hiring a Staff Security Research Engineer to help lead the charge. This is a rare opportunity to work with visionary leaders like Jyoti Bansal and help shape security across the modern software delivery lifecycle—from code to cloud.

You'll drive research into cutting-edge threats targeting APIs, CI/CD pipelines, and emerging technologies like LLMs. Your work will directly influence product direction, detection capabilities, and customer protection strategies. This is a hands-on, high-impact role where you’ll collaborate across teams, interface with top-tier customers, and represent Harness at leading security conferences.

If you're passionate about solving hard security problems at scale, this role puts you at the center of innovation in a fast-growing DevSecOps platform.

About The Role

  • Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
  • Develop and refine advanced exploit techniques to prevent attacks targeting software delivery and runtime, from code to cloud
  • Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
  • Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments
  • Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
  • Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges
  • Build internal tools to automate and enhance security research workflows.
  • Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
  • Analyze global cybersecurity incidents to extract learnings and apply them across domains

About You

  • Bachelor's or Master's degree in Computer Science.
  • 8-10+ years of work experience
  • Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
  • Prior development experience and a fair understanding of programming languages and frameworks are a must
  • Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
  • Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
  • Strong foundation in computer science fundamentals and in identity-aware, network, application, and runtime security
  • Strong experience with various pen testing tools like Burp Suite, ZAP, etc.
  • Strong applied knowledge of attacks in the Web/API ecosystem: web attacks, API attacks, API abuse, API fraud, ATO, etc.
  • Strong knowledge of modern application security threats and mitigation platforms (WAFs, WAAP, RASP, etc.)
  • Working knowledge of IAST, DAST, and SAST
  • Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
  • Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
  • Certifications such as CEH, OSCP, OSCE, or relevant security credentials
  • Strong analytical skills and the ability to conduct complex security research autonomously
  • Ability to work autonomously and drive complex security investigations from hypothesis to implementation

Work Location

This role will be based out of our Mountain View office in a hybrid capacity.

What You Will Have at Harness

  • Competitive salary
  • Comprehensive healthcare benefits
  • Flexible Spending Account (FSA)
  • Employee Assistance Program (EAP)
  • Flexible Time Off and Parental Leave
  • Quarterly Harness TGIF-Off / 4 days
  • Monthly, quarterly, and annual social and team-building events
  • Recharge & Reset Program
  • Monthly internet reimbursement
  • Commuter benefits

Factors that may be used to determine your actual pay rate include your specific skills, experience, qualifications, location, and comparison to other employees already in this role. In addition to the base salary, certain roles may qualify for a performance-based incentive and/or equity, with eligibility depending on the position. These rewards are based on a combination of company performance and individual achievements. The hiring range for this position is $150,000 - $226,000.

A valid authorization to work in the U.S. is required

Pay transparency

$150,000—$226,000 USD

Harness In The News

  • Accelerating Our Mission to Bring AI to Everything After Code
  • Goldman Sachs leads investment in software delivery startup Harness at $5.5 billion valuation
  • How Harness runs 16 “startups within a startup” at scale | Jyoti Bansal
  • Harness Research Shows AI Visibility Crisis Fueling Security Nightmare
  • Harness has been named to the Inc. Power Partner list for software delivery success

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.

Note on Fraudulent Recruiting/Offers

We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers.

Please note, we do not ask for sensitive or financial information via chat, text, or social media, and any email communications will come from the domain @harness.io. Additionally, Harness will never ask for any payment, fee to be paid, or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.

If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness, please do not provide any personal or financial information and contact us immediately at security@harness.io. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commission’s website (https://consumer.ftc.gov/articles/job-scams), or you can contact your local law enforcement agency.

Key skills/competency

  • DevSecOps
  • Application Security (AppSec)
  • API Security
  • CI/CD Security
  • Vulnerability Research
  • Penetration Testing
  • Exploit Development
  • Cloud Security (AWS/GCP)
  • Kubernetes Security
  • LLM Security

How to Get Hired at Harness

  • Research Harness's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their innovative approach to AI software delivery.
  • Tailor your resume for DevSecOps: Highlight extensive experience in application security, penetration testing, vulnerability research, and modern attack vectors relevant to Harness's DevSecOps expansion.
  • Showcase technical prowess: Emphasize deep expertise in modern application stacks (microservices, Kubernetes, cloud platforms), strong programming skills (Python, Go, Java), and hands-on experience with pen testing tools like Burp Suite and ZAP.
  • Prepare for in-depth security discussions: Be ready to discuss advanced exploit techniques, API security threats (like API abuse/fraud), and mitigation platforms (WAFs, WAAP, RASP), demonstrating your strategic and analytical capabilities.
  • Highlight thought leadership: If applicable, showcase past research publications, CVEs, or presentations at top security conferences (Black Hat, DEF CON) to demonstrate your impact and industry recognition.
