Staff Software Engineer (Product Security)

Requirements
• 8+ years of experience in product security, application security, offensive security, and/or security-focused software engineering,
• Long track record of identifying and remediating software vulnerabilities, demonstrated through CVEs, bug bounty awards, published research, or prior work experience,
• Demonstrated ability to lead cross-functional security initiatives and influence engineering teams without direct authority,
• Experience mentoring engineers and raising the quality bar of software engineering teams on security practices,
• Strong programming skills with demonstrated experience writing high-quality, production software,
• Excellent communication and collaboration skills, particularly when translating security risks into business terms for non-security stakeholders,
• Track record of leading complex cross-functional projects and delivering measurable security improvements,
• (Desirable) Experience building security programs or practices at hyper-growth startups,
• (Desirable) Background with cloud environments (Azure, GCP, AWS) and cloud-native security patterns,
• (Desirable) Experience with AI/ML systems and emerging security considerations for LLM-based applications

What the job involves
• As a Staff Software Engineer on the Product Security team at Harvey, you'll play a critical role in shaping how security is built into our AI platform from the ground up. We store and process our customers’ most sensitive data, and as a result, security is paramount at every stage of our product lifecycle,
• You'll take ownership of securing critical parts of the product while driving high-leverage security initiatives that raise the bar for the entire engineering org — balancing hands-on technical work with cross-functional leadership and mentorship. You’ll lead and implement both technical controls and security features within the Harvey platform,
• Our security program is driven by our collective offensive security experience: breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset,
• Establish and evolve security posture across the engineering organization, setting standards that scale with the company,
• Partner with Product Engineering, Infrastructure, and Platform teams to incorporate secure design principles at every stage of development,
• Own and review security-critical code across key parts of the product, including authentication and access control,
• Architect secure-by-default libraries and tools that make the secure path the easiest choice for developers,
• Drive mitigation strategies during security-related incident responses, coordinating cross-functional efforts,
• Mentor engineers and raise the security bar across teams through code reviews, design reviews, and technical guidance

Apply tot his job

Apply To this Job

Ready to Apply?

Don't miss out on this amazing opportunity!