Staff Security Engineer - GRC

Harness is the AI Software Delivery Platform company, led by technologist and entrepreneur Jyoti Bansal (founder of AppDynamics, acquired by Cisco for $3.7B). Harness has raised approximately $570M in funding and is valued at $5.5B, backed by leading investors including Goldman Sachs, Menlo Ventures, IVP, Unusual Ventures, Citi Ventures, and more. As AI accelerates code creation, the real bottleneck has shifted to everything after the code – testing, deployments, application security, reliability, compliance, and cost optimization. Harness brings AI and automation to this “outer loop,” helping teams ship software faster while maintaining security and governance throughout the entire software delivery lifecycle. Powered by Harness AI and the Software Delivery Knowledge Graph, the Harness Platform applies deep context and intelligent automation across the software delivery lifecycle with governance and policy-driven controls embedded throughout the platform. Over the past year, Harness powered over 185M deployments, 82M builds, 18T flag evaluations, 8M security scans, 9.1B optimized tests, 3T protected API calls, and helped manage $2.8B in cloud spend — enabling customers like United Airlines, Morningstar, and Choice Hotels to accelerate releases by up to 75%, reduce cloud costs by up to 60%, and achieve 10x DevOps efficiency. With a global team across 14 offices and 25 countries, Harness is shaping the future of AI software delivery — and we’re looking for exceptional talent to help us move even faster. Position Summary A Staff Security Engineer will be a member of the GRC team working within the Information Security organization and across the business to advise, build, and operate security and compliance programs at scale. Utilizing in-depth expertise across multiple disciplines, a Senior Security Analyst is responsible for executing various components of Harness’ security posture and overseeing end-to-end solutions to complex problems. As a Staff Security Engineer, you will lead security efforts to acquire and maintain compliance certifications (e.g., SOC 2, ISO 27001, ISO 27017, ISO 27018, PCI-DSS, and HIPAA), design solutions that enable Harness’ security goals, and collaborate directly with business and engineering teams to preserve velocity while ensuring security. You will be responsible for defining and implementing security and compliance capabilities, as well as leading efforts to provide transparency to customers, prospects, and internal stakeholders. In this role, you will: Own the PCI-DSS program at Harness as the subject matter expert Design, implement, and continuously monitor PCI-DSS controls, collaborating with engineering teams to ensure the PCI environment is properly scoped, segmented, and secured; Contribute precise and actionable guidance to ensure security and privacy by design for engineering and business initiatives; Lead and deliver internal and external audits, risk assessments, and annual compliance certifications across the technical estate; Execute core security capabilities such as policy and procedure development, and security awareness and training requirements; Support customer trust initiatives such as reviewing contracts for security and privacy requirements, completing questionnaires and requests, and maintaining our customer trust portal; Continuously monitor and manage supply chain security and vendor risk management; Drive security and compliance across the business through empathetic partnership. Measure control and program effectiveness, recommending new strategies to manage risk; Articulate Harness’s security capabilities and controls to enterprise customers or auditors; and Identify security gaps, develop or support the development of a path forward to address them, and ensure the plan is fully executed and working as intended. About You You have at least 5-8 years of relevant industry experience. You have exposure to industry regulations, frameworks, and complia ... (truncated, view full listing at source)