Staff Software Engineer (AppSec)

Position Summary

This role comes under the AppSec Foundations charter focused on designing and developing core authentication authorization and common services infrastructure that powers Harnesss security ecosystem. The team is responsible for building foundational RBAC systems service-to-service authentication audit logging and common security services that enable secure access control across all Harness modules including AppSec Platform CI/CD and other product offerings.

The Foundations team serves as the security backbone for Harnesss multi-product platform providing essential authentication and authorization services that ensure secure scalable access management across the entire software delivery lifecycle.

About the Role

• You will design and implement scalable authentication and authorization systems using modern RBAC patterns and industry best practices
• You will build high-performance low-latency microservices for identity management token validation and access control that serve millions of API calls
• You will develop audit logging and compliance systems that meet enterprise security requirements and regulatory standards
• You will collaborate closely with AppSec Platform CI/CD and other product teams to integrate security services seamlessly
• You will solve complex distributed systems challenges around service-to-service authentication token management and secrets rotation
• You will work with SRE teams to ensure high availability and operational excellence of critical security infrastructure
• You will contribute to API design and GraphQL schemas that provide secure efficient access to organizational resources

About You

• Education: Bachelors or Masters degree in Computer Science Software Engineering or related technical field
• Experience: 6-10 years of backend engineering experience with strong focus on security authentication and distributed systems
• Core Technologies: Proficiency in JVM-based languages (Java Scala Kotlin) with expertise in building production-grade microservices
• Security Expertise: Deep understanding of authentication protocols (OAuth 2.0 OIDC JWT) RBAC systems and modern authorization patterns
• API Development: Experience with RESTful APIs GraphQL and designing secure API architectures with proper access controls
• Distributed Systems: Strong knowledge of distributed system patterns service mesh architectures and microservices design principles
• Database Technologies: Experience with both SQL and NoSQL databases with understanding of data security and encryption at rest
• Cloud Platforms: Hands-on experience with cloud platforms (AWS GCP Azure) and container orchestration (Kubernetes)

Preferred Qualifications

• Experience with secrets management systems (HashiCorp Vault AWS Secrets Manager etc.)
• Knowledge of compliance frameworks (SOC 2 FedRAMP GDPR) and enterprise security requirements
• Understanding of CI/CD security patterns and DevSecOps practices
• Experience with audit logging systems and SIEM integration
• Familiarity with infrastructure as code and GitOps methodologies
• Previous experience in security-focused engineering roles or enterprise authentication systems

Technical Focus Areas

• Authentication and Authorization Infrastructure
• RBAC and Access Control Systems
• Service-to-Service Authentication
• Audit Logging and Compliance
• API Security and Token Management
• Secrets Management and Rotation
• Common Security Services