Apply on Employer Site

Harness · 1 day ago

Staff Security Research Engineer

Mountain View, CA

Full-time

Hybrid

Senior Level, Lead/Staff

$150K/yr - $226K/yr

8+ years exp

Harness is a leading AI-powered software delivery platform founded by Jyoti Bansal, and they are seeking a Staff Security Research Engineer to lead research into modern attack vectors across software delivery. The role involves collaborating with various teams, engaging with customers, and representing Harness at security conferences while driving research on cutting-edge threats targeting APIs and CI/CD pipelines.

Artificial Intelligence (AI)Developer ToolsDevOpsProductivity ToolsSaaS

No H1B

Responsibilities

Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs

Develop and refine advanced exploit techniques to prevent attacks targeting software delivery, runtime from code to cloud

Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats

Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments

Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements

Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges

Build internal tools to automate and enhance security research workflows

Evangelize our research and platform through blogs, white papers, and talks at premier security conferences

Analyze global cybersecurity incidents to extract learnings and apply them across domains

Qualification

Penetration testingVulnerability researchCloud platformsProgramming languagesApplication securitySecurity researchCI/CD pipelinesModern application stacksAnalytical skillsAutonomous workResearch publicationSecurity certificationsCommunication skillsTeam collaboration

Required

Bachelor's or Master's degree in Computer Science

8-10+ years of work experience

Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)

Prior development experience and a fair understanding of programming languages and frameworks are a must

Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)

Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems

Strong foundation in computer science fundamentals, identity aware, network, application and runtime security

Strong experience with various pen testing tools like Burpsuite, ZAP, etc

Strong applied knowledge of attacks in Web/API eco-system - Web attacks, API attacks, API abuse, API Fraud, ATO, etc

Strong knowledge of modern application security threats and mitigation platforms like (WAFs, WAAP, RASP, etc.)

Working knowledge of IAST, DAST, and SAST

Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar

Strong analytical skills and the ability to conduct complex security research autonomously

Ability to work autonomously and drive complex security investigations from hypothesis to implementation

Preferred

Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus

Certifications such as CEH, OSCP, OSCE, or relevant security credentials