What are the responsibilities and job description for the Staff Security Research Engineer position at Jobright.ai?
Jobright is an AI-powered career platform that helps job seekers discover the top opportunities in the US. We are NOT a staffing agency. Jobright does not hire directly for these positions. We connect you with verified openings from employers you can trust.
Job Summary:
Harness is a high-growth company disrupting the software delivery market, and they are seeking a Staff Security Research Engineer to lead the integration of security in DevSecOps. This role involves conducting research on modern attack vectors, collaborating with teams to develop detection strategies, and engaging with customers to enhance their security posture.
Responsibilities:
• Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
• Develop and refine advanced exploit techniques to prevent attacks targeting software delivery and runtime, from code to cloud
• Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
• Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments
• Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
• Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges
• Build internal tools to automate and enhance security research workflows.
• Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
• Analyze global cybersecurity incidents to extract learnings and apply them across domains
Qualifications:
Required:
• Bachelor's or Master's degree in Computer Science.
• 8-10 years of work experience
• Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
• Prior development experience and a fair understanding of programming languages and frameworks are a must
• Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
• Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
• Strong foundation in computer science fundamentals and in identity-aware, network, application, and runtime security
• Strong experience with various pen testing tools like Burp Suite, ZAP, etc.
• Strong applied knowledge of attacks in the Web/API ecosystem: web attacks, API attacks, API abuse, API fraud, ATO, etc.
• Strong knowledge of modern application security threats and mitigation platforms (WAFs, WAAP, RASP, etc.)
• Working knowledge of IAST, DAST, and SAST
• Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
• Strong analytical skills and the ability to conduct complex security research autonomously
• Ability to work autonomously and drive complex security investigations from hypothesis to implementation
Preferred:
• Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
• Certifications such as CEH, OSCP, OSCE, or relevant security credentials
Company:
Harness is a Continuous Delivery-as-a-Service platform for engineering and DevOps teams to release applications into production. Founded in 2017, the company is headquartered in San Francisco, California, USA, with a team of 501-1000 employees. The company is currently Late Stage.