Security Research Engineer Shift Left Security

Bengaluru - India

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Harness is led by technologist and entrepreneur Jyoti Bansal founder of AppDynamics (acquired by Cisco for $3.7B). The company has raised $240M in Series E venture funding is valued at $5.5B and backed by top investors including Goldman Sachs Menlo Ventures IVP Google Ventures J.P. Morgan Capital One Ventures Citi Ventures ServiceNow Splunk Ventures and more. Harness is building the industrys leading AI-powered software delivery platform enabling teams worldwide to build test and deliver software faster safer and more reliably. Writing code is only 3040% of the engineering lifecycle the rest involves testing deployments security compliance and optimization. Harness brings AI and automation to this outer loop turning complex time-consuming workflows into streamlined processes at massive global scale.

The platform includes industry leading products inCI/CD Feature Flags Cloud Cost Management Service Reliability Chaos Engineering Software Engineering Insights Internal Developer Experience and API discovery observability governance and runtime protection. Over the past year Harness powered 128M deployments 81M builds 1.2T API calls protected and $1.9B in cloud spend optimized helping customers like United Airlines and Choice Hotels accelerate releases by up to 75% and achieve 10x DevOps efficiency. With employees in over 25 countries Harness is shaping the future of AI-driven software delivery and were looking for exceptional talent to help us move even faster.

Key Responsibilities

Contribute to research on modern attack vectors across source code dependencies build systems and CI/CD pipelines.
Assist in developing scanning and detection techniques for SAST SCA and DAST to identify security flaws early in the development process.
Perform hands-on assessments of web applications APIs and build pipelines under guidance to uncover design flaws misconfigurations and dependency risks.
Study software supply chain threats and contribute to identifying and mitigating risks across open-source ecosystems.
Perform hands-on assessments of code applications APIs and build pipelines under guidance to uncover design flaws misconfigurations and security risks.
Help build and test prototype tools that automate vulnerability detection and developer workflow integration.
Collaborate with research product and engineering teams to validate findings and implement security improvements in developer environments.
Stay current with new vulnerabilities frameworks and DevSecOps practices to identify emerging threats relevant to modern software delivery.
Document findings and share insights through internal reports knowledge bases or external blog drafts.

Required Skills & Experience

Bachelors degree in Computer Science Cybersecurity or a related field (or equivalent practical experience).
1 - 4 years of experience application security or security research
Foundational understanding of Shift-Left Security concepts such as SAST SCA and DAST.
Understanding of CI/CD pipelines build systems and developer workflows.
Interest in AI and LLM models and curiosity about how they impact software security (e.g. insecure code generation data leakage dependency risks).
Familiarity with dependency management ecosystems (npm PyPI Maven Go modules) and basic knowledge of software supply chain risks.
Passion for research security and continuous learning with a never-give-up attitude.
Knowledge of OWASP Top 10 API Top 10 LLM Top 10 CI/CD Top 10.
Strong analytical mindset with curiosity for exploring how attackers exploit weaknesses in code and pipelines.
Proficiency in Java and Python for prototyping and automating rule validation workflows.
Excellent communication documentation and cross-functional collaboration skills.

Nice to Have

Contributions to open-source security projects especially those related to the OWASP Top 10 or OWASP API Top 10.
Experience developing custom WAF/WAAP rule engines threat classifiers or signal correlation pipelines.
Background in API security runtime protection or detection engineering at scale.
Authored publications technical blogs or delivered conference talks.

Harness in the news:

Accelerating Our Mission to Bring AI to Everything After Code
Goldman Sachs leads investment in software delivery startup Harness at $5.5 billion valuation
How Harness runs 16 startups within a startup at scale Jyoti Bansal
Harness Research Shows AI Visibility Crisis Fueling Security Nightmare
Harness has been named to the Inc. Power Partner list for software delivery success

All qualified applicants will receive consideration for employment without regard to race color religion sex or national origin.

Note on Fraudulent Recruiting/Offers

We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings unsolicited emails or messages claiming to be from our recruiters or hiring managers.

Please note we do not ask for sensitive or financial information via chat text or social media and any email communications will come from the domain @. Additionally Harness will never ask for any payment fee to be paid or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.

If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness please do not provide any personal or financial information and contact us immediately at. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commissions website ( or you can contact your local law enforcement agency.

Required Experience:

Key Responsibilities

Contribute to research on modern attack vectors across source code dependencies build systems and CI/CD pipelines.
Assist in developing scanning and detection techniques for SAST SCA and DAST to identify security flaws early in the development process.
Perform hands-on assessments of web applications APIs and build pipelines under guidance to uncover design flaws misconfigurations and dependency risks.
Study software supply chain threats and contribute to identifying and mitigating risks across open-source ecosystems.
Perform hands-on assessments of code applications APIs and build pipelines under guidance to uncover design flaws misconfigurations and security risks.
Help build and test prototype tools that automate vulnerability detection and developer workflow integration.
Collaborate with research product and engineering teams to validate findings and implement security improvements in developer environments.
Stay current with new vulnerabilities frameworks and DevSecOps practices to identify emerging threats relevant to modern software delivery.
Document findings and share insights through internal reports knowledge bases or external blog drafts.

Required Skills & Experience

Bachelors degree in Computer Science Cybersecurity or a related field (or equivalent practical experience).
1 - 4 years of experience application security or security research
Foundational understanding of Shift-Left Security concepts such as SAST SCA and DAST.
Understanding of CI/CD pipelines build systems and developer workflows.
Interest in AI and LLM models and curiosity about how they impact software security (e.g. insecure code generation data leakage dependency risks).
Familiarity with dependency management ecosystems (npm PyPI Maven Go modules) and basic knowledge of software supply chain risks.
Passion for research security and continuous learning with a never-give-up attitude.
Knowledge of OWASP Top 10 API Top 10 LLM Top 10 CI/CD Top 10.
Strong analytical mindset with curiosity for exploring how attackers exploit weaknesses in code and pipelines.
Proficiency in Java and Python for prototyping and automating rule validation workflows.
Excellent communication documentation and cross-functional collaboration skills.

Nice to Have

Contributions to open-source security projects especially those related to the OWASP Top 10 or OWASP API Top 10.
Experience developing custom WAF/WAAP rule engines threat classifiers or signal correlation pipelines.
Background in API security runtime protection or detection engineering at scale.
Authored publications technical blogs or delivered conference talks.