Rally Ventures unites an intersecting portfolio of companies at the frontier of business technology.

Staff Product Security Engineer

Harness

Product
India
Posted on Jan 25, 2024
Harness is a high-growth company that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers’ pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs. The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights and continues to expand at an incredibly fast pace.
Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We’re backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.

The Role

Product Security is responsible for ensuring the continuous security of Harness customer-facing products and internal tools. The team is focused on proactively discovering security weaknesses, driving and advising risk remediation, building a paved road for developers to adopt secure development practices, and developing partnerships with engineering and product teams to accelerate the release of software with security by design.

As a Security Engineer, you will lead efforts to extend visibility into Harness' security posture, integrate and automate core security technologies, and drive continuous improvement across our technical estate. You'll use your knowledge to test, design, and secure solutions that enable Harness' business goals, and collaborate directly with engineering teams to Get Ship Done. You will be responsible for cross-team projects with Engineering and Product, and will sharpen new skills as we continue to scale.

In this role, you will:

  • Design and develop product security APIs, tools and utilities for internal and external stakeholders.
  • Conduct threat modeling and secure design reviews of applications, backend services and business integrations.
  • Apply a good understanding of cyber security frameworks such as OWASP, SANS, NIST and CIS.
  • Perform advanced penetration tests and simulate adversarial attacks against Harness modules, APIs and codebase using industry-standard frameworks.
  • Participate in the creation, review and implementation of technical security across global Engineering teams.
  • Consult and advise with developers and Product Managers to analyze and implement security standards, methods, vulnerability remediation, and security architecture.
  • Assess risks and trade-offs, and propose solutions for product security features such as authentication and authorization.
  • Lead manual and automated code review and testing efforts to discover vulnerabilities, weaknesses, and anti-patterns in the Harness platform.
  • Implement and own operation of security tooling, including but not limited to SAST, DAST, and SCA.
  • Use the Harness platform to integrate security processes like vulnerability management into the SDLC.

About You:

  • You have a BS in Computer Science or a related degree.
  • You have at least 5 years of relevant industry experience as a software engineer with a strong security focus.
  • You are experienced with DevSecOps.
  • You can describe Secure SDLC best practices and software supply chain risks.
  • You have experience with public or private cloud environments (K8s, AWS, GCP, Azure, etc.).
  • You have expert professional knowledge of enterprise applications, API development, and modern software delivery processes.
  • You have previous experience in a cloud-native environment.
  • You are proficient with Java or any similar language and object-oriented programming methodology.

Bonus Points!

  • You have experience and exposure to a containerized environment.
  • You hold relevant security or technical certifications (CEH, OSCP, GWAPT, CISSP).
  • Demonstrated experience contributing security fixes to open source projects.
  • You are eager to learn, and to share your knowledge with colleagues.
  • You like to automate the boring stuff.