Staff Security Research Engineer

Bengaluru - India

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Harness is led by technologist and entrepreneur Jyoti Bansal founder of AppDynamics (acquired by Cisco for $3.7B). The company has raised $570M in Series E venture funding is valued at $5.5B and backed by top investors including Goldman Sachs Menlo Ventures IVP Google Ventures J.P. Morgan Capital One Ventures Citi Ventures ServiceNow Splunk Ventures and more. Harness is building the industrys leading AI-powered software delivery platform enabling teams worldwide to build test and deliver software faster safer and more reliably. Writing code is only 3040% of the engineering lifecycle the rest involves testing deployments security compliance and optimization. Harness brings AI and automation to this outer loop turning complex time-consuming workflows into streamlined processes at massive global scale.

The platform includes industry leading products inCI/CD Feature Flags Cloud Cost Management Service Reliability Chaos Engineering Software Engineering Insights Internal Developer Experience and API discovery observability governance and runtime protection. Over the past year Harness powered 128M deployments 81M builds 1.2T API calls protected and $1.9B in cloud spend optimized helping customers like United Airlines and Choice Hotels accelerate releases by up to 75% and achieve 10x DevOps efficiency. With employees in over 25 countries Harness is shaping the future of AI-driven software delivery and were looking for exceptional talent to help us move even faster.

Key Responsibilities

Research and build AI-powered security capabilities that enhance early detection and prevention across SAST SCA DAST and CI/CD pipelines.
Research risks in AI-assisted development including insecure code generation dependency suggestions and automated refactoring.
Lead research into modern attack vectors targeting code dependencies build systems CI/CD pipelines and cloud environments.
Develop AI-assisted detection and testing methods to improve accuracy automation and coverage across security tooling.
Prototype and validate new detection methods that help developers prevent vulnerabilities before deployment.
Collaborate with engineering and product teams to integrate research outcomes directly into developer workflows and platform features.
Perform deep technical assessments of applications APIs source repositories and build pipelines to uncover design flaws dependency risks and supply chain threats.
Work with customers and internal teams to align research with real-world DevSecOps use cases and product improvements.
Contribute to pre-sales and technical enablement through proof-of-concepts demos and solution design for code-to-cloud protection.
Build internal tools and automation that accelerate vulnerability discovery analysis and AI-driven security research.
Share insights and research outcomes through blogs whitepapers and conference talks to advance the field of Shift-Left and AI security.
Continuously monitor emerging threats and apply learnings to improve product detection and protection capabilities.

About You

Bachelors or Masters degree in Computer Science Cybersecurity or a related field.
8 - 10 years of experience with special focus on security research and application security.
Strong background in shift-left security tools (SAST DAST SCA) with experience building or customizing scanning rules engines or pipelines.
Prior hands-on development experience with a solid understanding of modern programming languages frameworks and build systems.
Understanding of AI and LLM models their integration into developer workflows and potential security risks.
Deep understanding of OWASP Top 10 API Security Top 10 LLM Top 10 and CI/CD Security Top 10 with the ability to map real-world vulnerabilities to these risk categories.
Familiarity with AI-assisted development tools and experience evaluating or mitigating risks from AI-generated code and dependency suggestions.
Proficient in at least one modern programming language (Python Go Java JavaScript etc.)
Familiarity with dependency management ecosystems (npm PyPI Maven Go modules) and open-source risk analysis.
Demonstrated experience in publishing security research authoring technical blogs or presenting at top security conferences (e.g. Black Hat DEF CON RSAC BSides) is a strong plus.
Relevant credentials such as OSCP OSCE CEH or equivalent security certifications are a plus.
Strong analytical and problem-solving skills with the ability to lead complex research independently; from hypothesis to validation and implementation.
Proven ability to work autonomously drive large research efforts and collaborate cross-functionally with product and engineering teams.
Passion for research security and continuous learning with a never-give-up attitude.

Work Location

This role will be out of our Bengaluru India office on a Hybrid capacity.

Harness in the news:

Accelerating Our Mission to Bring AI to Everything After Code
Goldman Sachs leads investment in software delivery startup Harness at $5.5 billion valuation
How Harness runs 16 startups within a startup at scale Jyoti Bansal
Harness Research Shows AI Visibility Crisis Fueling Security Nightmare
Harness has been named to the Inc. Power Partner list for software delivery success

All qualified applicants will receive consideration for employment without regard to race color religion sex or national origin.

Note on Fraudulent Recruiting/Offers

We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings unsolicited emails or messages claiming to be from our recruiters or hiring managers.

Please note we do not ask for sensitive or financial information via chat text or social media and any email communications will come from the domain @. Additionally Harness will never ask for any payment fee to be paid or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.

If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness please do not provide any personal or financial information and contact us immediately at. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commissions website ( or you can contact your local law enforcement agency.

Required Experience:

Staff IC

Key Responsibilities

Research and build AI-powered security capabilities that enhance early detection and prevention across SAST SCA DAST and CI/CD pipelines.
Research risks in AI-assisted development including insecure code generation dependency suggestions and automated refactoring.
Lead research into modern attack vectors targeting code dependencies build systems CI/CD pipelines and cloud environments.
Develop AI-assisted detection and testing methods to improve accuracy automation and coverage across security tooling.
Prototype and validate new detection methods that help developers prevent vulnerabilities before deployment.
Collaborate with engineering and product teams to integrate research outcomes directly into developer workflows and platform features.
Perform deep technical assessments of applications APIs source repositories and build pipelines to uncover design flaws dependency risks and supply chain threats.
Work with customers and internal teams to align research with real-world DevSecOps use cases and product improvements.
Contribute to pre-sales and technical enablement through proof-of-concepts demos and solution design for code-to-cloud protection.
Build internal tools and automation that accelerate vulnerability discovery analysis and AI-driven security research.
Share insights and research outcomes through blogs whitepapers and conference talks to advance the field of Shift-Left and AI security.
Continuously monitor emerging threats and apply learnings to improve product detection and protection capabilities.

About You

Bachelors or Masters degree in Computer Science Cybersecurity or a related field.
8 - 10 years of experience with special focus on security research and application security.
Strong background in shift-left security tools (SAST DAST SCA) with experience building or customizing scanning rules engines or pipelines.
Prior hands-on development experience with a solid understanding of modern programming languages frameworks and build systems.
Understanding of AI and LLM models their integration into developer workflows and potential security risks.
Deep understanding of OWASP Top 10 API Security Top 10 LLM Top 10 and CI/CD Security Top 10 with the ability to map real-world vulnerabilities to these risk categories.
Familiarity with AI-assisted development tools and experience evaluating or mitigating risks from AI-generated code and dependency suggestions.
Proficient in at least one modern programming language (Python Go Java JavaScript etc.)
Familiarity with dependency management ecosystems (npm PyPI Maven Go modules) and open-source risk analysis.
Demonstrated experience in publishing security research authoring technical blogs or presenting at top security conferences (e.g. Black Hat DEF CON RSAC BSides) is a strong plus.
Relevant credentials such as OSCP OSCE CEH or equivalent security certifications are a plus.
Strong analytical and problem-solving skills with the ability to lead complex research independently; from hypothesis to validation and implementation.
Proven ability to work autonomously drive large research efforts and collaborate cross-functionally with product and engineering teams.
Passion for research security and continuous learning with a never-give-up attitude.