Senior Product Security Engineer
Senior Product Security Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Overview:
The Senior Product Security Engineer will lead efforts to secure the Harness software by embedding security into every stage of the development lifecycle. This role involves vulnerability management internal adoption of cuttingedge security solutions and enabling teams to shift left on security while safeguarding the software supply chain.
Key Responsibilities
- Lead identification triage and remediation of vulnerabilities across the Harness platform and modules partnering with engineering teams to establish SLAs and track progress.
- Collaborate with engineers to perform threat modeling for new and existing features identifying risks early and providing actionable recommendations.
- Promote and implement Harness STO and SCS modules internally to demonstrate security best practices and drive adoption.
- Develop and integrate security controls and checks into CI/CD workflows to detect issues before deployment.
- Establish robust processes for software supply chain security including dependency management and artifact integrity verification using SLSA
- Stay updated on emerging threats targeting software supply chains and adjust strategies proactively.
- Plan and execute periodic penetration tests to uncover vulnerabilities and validate security controls working with internal teams and external testers.
- Leverage expertise in security scanners and tools (e.g. SAST DAST IAST SCA) to ensure consistent testing and reporting.
- Evaluate and recommend security tools to align with organizational needs and improve testing coverage.
- Partner with engineering platform and DevOps teams to foster a securityfirst mindset through training and enablement.
- Support compliance initiatives by aligning product security practices with regulatory standards and maintaining audit documentation.
Qualifications
- Proven experience in product security vulnerability management and secure software development lifecycle practices.
- Handson expertise with security tools such as OWASP ZAP Burp Suite Checkmarx SonarQube or equivalent.
- Strong understanding of CI/CD processes tools (e.g. Jenkins GitHub Actions Harness) and shiftleft security approaches.
- Knowledge of secure coding practices threat modeling methodologies and supply chain security principles.
- Familiarity with different types of security testing SAST DAST IaC SCA) and proficiency in evaluating scanning tools.
- Strong collaboration skills with engineering and DevOps teams to embed security practices effectively.
- Passion for fostering a securityfirst culture through enablement training and continuous improvement.
- Excellent communication skills to convey technical security concepts to diverse stakeholders.
Harness in the news:
- Harness Grabs a $150m Line of Credit
- Welcome Split!
- SF Business TimesFastestGrowing Private Companies in the Bay Area
- Forbes 2024 Americas Best Startup Employers
- SF Business Times 2024 Fastest Growing Private Companies Awards
- Fast CoBest Workplaces for Innovators
All qualified applicants will receive consideration for employment without regard to race color religion sex or national origin.
Note on Fraudulent Recruiting/Offers
We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings unsolicited emails or messages claiming to be from our recruiters or hiring managers.
Please note we do not ask for sensitive or financial information via chat text or social media and any email communications will come from the domain @harness. Additionally Harness will never ask for any payment fee to be paid or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.
If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness please do not provide any personal or financial information and contact us immediately at. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commissions website or you can contact your local law enforcement agency.
Required Experience:
Senior IC
Employment Type
Full Time
