Harness is expanding into DevSecOps with the integration of Traceable, and we're hiring a Staff or Principal Security Research Engineer to help lead the charge. This is a rare opportunity to work with visionary leaders like Jyoti Bansal and help shape security across the modern software delivery lifecycle—from code to cloud.

You'll drive research into cutting-edge threats targeting APIs, CI/CD pipelines, and emerging technologies like LLMs. Your work will directly influence product direction, detection capabilities, and customer protection strategies. This is a hands-on, high-impact role where you’ll collaborate across teams, interface with top-tier customers, and represent Harness at leading security conferences.

If you're passionate about solving hard security problems at scale, this role puts you at the center of innovation in a fast-growing DevSecOps platform.

• Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
• Develop and refine advanced exploit techniques to prevent attacks targeting software delivery, runtime from code to cloud
• Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
• Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments
• Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
• Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges
• Build internal tools to automate and enhance security research workflows.
• Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
• Analyze global cybersecurity incidents to extract learnings and apply them across domains

• Bachelor's or Master's degree in Computer Science.
• 8-10+ years of work experience
• Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
• Prior development experience and a fair understanding of programming languages and frameworks are a must
• Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
• Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
• Strong foundation in computer science fundamentals, identity aware, network, application and runtime security
• Strong experience with various pen testing tools like Burpsuite, ZAP, etc.
• Strong applied knowledge of attacks in Web/API eco-system - Web attacks, API attacks, API abuse, API Fraud, ATO, etc.
• Strong knowledge of modern application security threats and mitigation platforms like (WAFs, WAAP, RASP, etc.).
• Working knowledge of IAST, DAST, and SAST
• Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
• Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
• Certifications such as CEH, OSCP, OSCE, or relevant security credentials
• Strong analytical skills and the ability to conduct complex security research autonomously
• Ability to work autonomously and drive complex security investigations from hypothesis to implementation

Work Location

This role will be out of our Mountain View office on a Hybrid capacity.

What You Will Have at Harness

• Competitive salary
• Comprehensive healthcare benefits
• Flexible Spending Account (FSA)
• Employee Assistance Program (EAP)
• Flexible Time Off and Parental Leave
• Quarterly Harness TGIF-Off / 4 days
• Monthly, quarterly, and annual social and team-building events
• Recharge & Reset Program
• Monthly internet reimbursement
• Commuter benefits

Pay transparency

$180,000 - $235,000 USD