Staff Security Research Engineer

Harness is a high-growth company that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs. The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights and continues to expand at an incredibly fast pace.

Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We're backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.

Key Responsibilities

• Research and build AI-powered security capabilities that enhance early detection and prevention across SAST, SCA, DAST, and CI/CD pipelines.
• Research risks in AI-assisted development, including insecure code generation, dependency suggestions, and automated refactoring.
• Lead research into modern attack vectors targeting code, dependencies, build systems, CI/CD pipelines, and cloud environments.
• Develop AI-assisted detection and testing methods to improve accuracy, automation, and coverage across security tooling.
• Prototype and validate new detection methods that help developers prevent vulnerabilities before deployment.
• Collaborate with engineering and product teams to integrate research outcomes directly into developer workflows and platform features.
• Perform deep technical assessments of applications, APIs, source repositories, and build pipelines to uncover design flaws, dependency risks, and supply chain threats.
• Work with customers and internal teams to align research with real-world DevSecOps use cases and product improvements.
• Contribute to pre-sales and technical enablement through proof-of-concepts, demos, and solution design for code-to-cloud protection.
• Build internal tools and automation that accelerate vulnerability discovery, analysis, and AI-driven security research.
• Share insights and research outcomes through blogs, whitepapers, and conference talks to advance the field of Shift-Left and AI security.
• Continuously monitor emerging threats and apply learnings to improve product detection and protection capabilities.
  
  

About You

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• 8 - 10+ years of experience with special focus on security research and application security.
• Strong background in shift-left security tools (SAST, DAST, SCA) with experience building or customizing scanning rules, engines, or pipelines.
• Prior hands-on development experience with a solid understanding of modern programming languages, frameworks, and build systems.
• Understanding of AI and LLM models, their integration into developer workflows, and potential security risks.
• Deep understanding of OWASP Top 10, API Security Top 10, LLM Top 10, and CI/CD Security Top 10, with the ability to map real-world vulnerabilities to these risk categories.
• Familiarity with AI-assisted development tools and experience evaluating or mitigating risks from AI-generated code and dependency suggestions.
• Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
• Familiarity with dependency management ecosystems (npm, PyPI, Maven, Go modules) and open-source risk analysis.
• Demonstrated experience in publishing security research, authoring technical blogs, or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus.
• Relevant credentials such as OSCP, OSCE, CEH, or equivalent security certifications are a plus.
• Strong analytical and problem-solving skills, with the ability to lead complex research independently; from hypothesis to validation and implementation.
• Proven ability to work autonomously, drive large research efforts, and collaborate cross-functionally with product and engineering teams.
• Passion for research, security, and continuous learning, with a never-give-up attitude.
  
  

Work Location

This role will be out of our Bengaluru, India office on a Hybrid capacity.

Harness In The News

• Harness AI Tackles Software Development's Real Bottleneck
• After Vibe Coding Comes Vibe Testing (Almost)
• Startup Within a Startup: Empowering Intrapreneurs for Scalable Innovation - Jyoti Bansal (Harness)
• Jyoti Bansal, Harness | theCUBEd Awards
• Eight years after selling AppDynamics to Cisco, Jyoti Bansal is pursuing an unusual merger
• Harness snags Split.io, as it goes all in on feature flags and experiments
• Exclusive: Jyoti Bansal-led Harness has raised $150 million in debt financing
  
  

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.

Note on Fraudulent Recruiting/Offers

We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers.

Please note, we do not ask for sensitive or financial information via chat, text, or social media, and any email communications will come from the domain @harness.io. Additionally, Harness will never ask for any payment, fee to be paid, or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.

If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness, please do not provide any personal or financial information and contact us immediately at [Confidential Information]. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commission's website (https://consumer.ftc.gov/articles/job-scams), or you can contact your local law enforcement agency.