Staff Security Research Engineer

Harness is the AI Software Delivery Platform company, led by technologist and entrepreneur Jyoti Bansal (founder of AppDynamics, acquired by Cisco for $3.7B). Harness has raised approximately $570M in funding and is valued at $5.5B, backed by leading investors including Goldman Sachs, Menlo Ventures, IVP, Unusual Ventures, Citi Ventures, and more. As AI accelerates code creation, the real bottleneck has shifted to everything after the code – testing, deployments, application security, reliability, compliance, and cost optimization. Harness brings AI and automation to this “outer loop,” helping teams ship software faster while maintaining security and governance throughout the entire software delivery lifecycle. Powered by Harness AI and the Software Delivery Knowledge Graph, the Harness Platform applies deep context and intelligent automation across the software delivery lifecycle with governance and policy-driven controls embedded throughout the platform. Over the past year, Harness powered over 185M deployments, 82M builds, 18T flag evaluations, 8M security scans, 9.1B optimized tests, 3T protected API calls, and helped manage $2.8B in cloud spend — enabling customers like United Airlines, Morningstar, and Choice Hotels to accelerate releases by up to 75%, reduce cloud costs by up to 60%, and achieve 10x DevOps efficiency. With a global team across 14 offices and 25 countries, Harness is shaping the future of AI software delivery — and we’re looking for exceptional talent to help us move even faster. Key Responsibilities Research and build AI-powered security capabilities that enhance early detection and prevention across SAST, SCA, DAST, and CI/CD pipelines. Research risks in AI-assisted development, including insecure code generation, dependency suggestions, and automated refactoring. Lead research into modern attack vectors targeting code, dependencies, build systems, CI/CD pipelines, and cloud environments. Develop AI-assisted detection and testing methods to improve accuracy, automation, and coverage across security tooling. Prototype and validate new detection methods that help developers prevent vulnerabilities before deployment. Collaborate with engineering and product teams to integrate research outcomes directly into developer workflows and platform features. Perform deep technical assessments of applications, APIs, source repositories, and build pipelines to uncover design flaws, dependency risks, and supply chain threats. Work with customers and internal teams to align research with real-world DevSecOps use cases and product improvements. Contribute to pre-sales and technical enablement through proof-of-concepts, demos, and solution design for code-to-cloud protection. Build internal tools and automation that accelerate vulnerability discovery, analysis, and AI-driven security research. Share insights and research outcomes through blogs, whitepapers, and conference talks to advance the field of Shift-Left and AI security. Continuously monitor emerging threats and apply learnings to improve product detection and protection capabilities. About You Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. 8 - 10+ years of experience with special focus on security research and application security. Strong background in shift-left security tools (SAST, DAST, SCA) with experience building or customizing scanning rules, engines, or pipelines. Prior hands-on development experience with a solid understanding of modern programming languages, frameworks, and build systems. Understanding of AI and LLM models, their integration into developer workflows, and potential security risks. Deep understanding of OWASP Top 10, API Security Top 10, LLM Top 10, and CI/CD Security Top 10, with the ability to map real-world vulnerabilities to these risk categories. Familiarity with AI-assisted development tools and experience evaluating or mitigating risks from AI-generated code and depe ... (truncated, view full listing at source)