Why Harvey

At Harvey were transforming how legal and professional services operate not incrementally but end-to-end. By combining frontier agentic AI an enterprise-grade platform and deep domain expertise were reshaping how critical knowledge work gets done for decades to come.

This is a rare chance to help build a generational company at a true inflection point. With 1000 customers in 60 countries strong product-market fit and world-class investor support were scaling fast and defining a new category in real time. The work is ambitious the bar is high and the opportunity for growth personal professional and financial is unmatched.

Our team is sharp motivated and deeply committed to the mission. We move fast operate with intensity and take real ownership of the problems we tackle from early thinking to long-term outcomes. We stay close to our customers from leadership to engineers and work together to solve real problems with urgency and care. If you thrive in ambiguity push for excellence and want to help shape the future of work alongside others who raise the bar we invite you to build with us.

At Harvey the future of professional services is being written today and were just getting started.

Role Overview

As a Staff Software Engineer on the Product Security team at Harvey youll play a critical role in shaping how security is built into our AI platform from the ground up. We store and process our customers most sensitive data and as a result security is paramount at every stage of our product lifecycle. Youll take ownership of securing critical parts of the product while driving high-leverage security initiatives that raise the bar for the entire engineering org balancing hands-on technical work with cross-functional leadership and mentorship. This is a rare opportunity to define and build a product security program at a company scaling fast.

Our security program is driven by our collective offensive security experience: breaking into systems at other companies (in white-hat capacities) responding to real security incidents and learning from other companies data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time we are all software engineers - contributing code daily and approaching security with an engineering-first mindset.

What Youll Do

• Define and own the product security roadmap prioritizing initiatives based on risk business impact and engineering org maturity.

• Establish and evolve security posture across the engineering organization setting standards that scale with the company

• Partner with Product Engineering Infrastructure and Platform teams to incorporate secure design principles at every stage of development

• Own and review security-critical code across key parts of the product including authentication and access control

• Architect secure-by-default libraries and tools that make the secure path the easiest choice for developers

• Drive mitigation strategies during security-related incident responses coordinating cross-functional efforts

• Mentor engineers and raise the security bar across teams through code reviews design reviews and technical guidance

What You Have

• 8 years of experience in product security application security offensive security and/or security-focused software engineering

• Long track record of identifying and remediating software vulnerabilities demonstrated through CVEs bug bounty awards published research or prior work experience

• Track record of leading complex cross-functional security initiatives and delivering measurable improvements with demonstrated ability to influence engineering teams without direct authority.

• Experience mentoring senior engineers and developing security talent within an engineering organization

• Strong programming skills with demonstrated experience writing high-quality production software

• Excellent communication and collaboration skills particularly when translating security risks into business terms for non-security stakeholders

  Nice to Have

  • Experience building security programs or practices at hyper-growth startups

  • Background with cloud environments (Azure GCP AWS) and cloud-native security patterns

  • Experience with AI/ML systems and emerging security considerations for LLM-based applications

Compensation

$220000 - $330000

Depending on your location an Applicant Privacy Notice may apply to you. You can find all of our Applicant Privacy Notices here.

#LI-KV1

Harvey is an equal opportunity employer and does not discriminate on the basis of race gender sexual orientation gender identity/expression national origin disability age genetic information veteran status marital status pregnancy or related condition or any other basis protected by law.

We are committed to providing reasonable accommodations to applicants with disabilities and requests can be made by emailing

Required Experience:

Staff IC