Staff Software Engineer (AppSec)
Harness
Harness is led by technologist and entrepreneur Jyoti Bansal, founder of AppDynamics (acquired by Cisco for $3.7B). The company has raised ~$240M in Series E venture funding, is valued at $5.5B, and backed by top investors including Goldman Sachs, Menlo Ventures, IVP, Google Ventures, J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures and more. Harness is building the industry’s leading AI-powered software delivery platform, enabling teams worldwide to build, test, and deliver software faster, safer, and more reliably. Writing code is only 30–40% of the engineering lifecycle — the rest involves testing, deployments, security, compliance, and optimization. Harness brings AI and automation to this outer loop, turning complex, time-consuming workflows into streamlined processes at massive global scale.
The platform includes industry leading products in CI/CD, Feature Flags, Cloud Cost Management, Service Reliability, Chaos Engineering, Software Engineering Insights, Internal Developer Experience, and API discovery, observability, governance, and runtime protection. Over the past year, Harness powered 128M deployments, 81M builds, 1.2T API calls protected, and $1.9B in cloud spend optimized, helping customers like United Airlines and Choice Hotels accelerate releases by up to 75% and achieve 10x DevOps efficiency. With employees in over 25 countries, Harness is shaping the future of AI-driven software delivery — and we’re looking for exceptional talent to help us move even faster.
Position Summary
This role comes under the AppSec Foundations charter, focused on designing and developing core authentication, authorization, and common services infrastructure that powers Harness's security ecosystem. The team is responsible for building foundational RBAC systems, service-to-service authentication, audit logging, and common security services that enable secure access control across all Harness modules including AppSec Platform, CI/CD, and other product offerings.
The Foundations team serves as the security backbone for Harness's multi-product platform, providing essential authentication and authorization services that ensure secure, scalable access management across the entire software delivery lifecycle.
About the Role
- You will design and implement scalable authentication and authorization systems using modern RBAC patterns and industry best practices
- You will build high-performance, low-latency microservices for identity management, token validation, and access control that serve millions of API calls
- You will develop audit logging and compliance systems that meet enterprise security requirements and regulatory standards
- You will collaborate closely with AppSec Platform, CI/CD, and other product teams to integrate security services seamlessly
- You will solve complex distributed systems challenges around service-to-service authentication, token management, and secrets rotation
- You will work with SRE teams to ensure high availability and operational excellence of critical security infrastructure
- You will contribute to API design and GraphQL schemas that provide secure, efficient access to organizational resources
About You
- Education: Bachelor's or Master's degree in Computer Science, Software Engineering, or related technical field
- Experience: 6-10 years of backend engineering experience with strong focus on security, authentication, and distributed systems
- Core Technologies: Proficiency in JVM-based languages (Java, Scala, Kotlin) with expertise in building production-grade microservices
- Security Expertise: Deep understanding of authentication protocols (OAuth 2.0, OIDC, JWT), RBAC systems, and modern authorization patterns
- API Development: Experience with RESTful APIs, GraphQL, and designing secure API architectures with proper access controls
- Distributed Systems: Strong knowledge of distributed system patterns, service mesh architectures, and microservices design principles
- Database Technologies: Experience with both SQL and NoSQL databases, with understanding of data security and encryption at rest
- Cloud Platforms: Hands-on experience with cloud platforms (AWS, GCP, Azure) and container orchestration (Kubernetes)
Preferred Qualifications
- Experience with secrets management systems (HashiCorp Vault, AWS Secrets Manager, etc.)
- Knowledge of compliance frameworks (SOC 2, FedRAMP, GDPR) and enterprise security requirements
- Understanding of CI/CD security patterns and DevSecOps practices
- Experience with audit logging systems and SIEM integration
- Familiarity with infrastructure as code and GitOps methodologies
- Previous experience in security-focused engineering roles or enterprise authentication systems
Technical Focus Areas
- Authentication and Authorization Infrastructure
- RBAC and Access Control Systems
- Service-to-Service Authentication
- Audit Logging and Compliance
- API Security and Token Management
- Secrets Management and Rotation
- Common Security Services
Harness in the news:
- Accelerating Our Mission to Bring AI to Everything After Code
- Goldman Sachs leads investment in software delivery startup Harness at $5.5 billion valuation
- How Harness runs 16 “startups within a startup” at scale | Jyoti Bansal
- Harness Research Shows AI Visibility Crisis Fueling Security Nightmare
- Harness has been named to the Inc. Power Partner list for software delivery success
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.
Note on Fraudulent Recruiting/Offers
We have become aware that there may be fraudulent recruiting attempts being made by people posing as representatives of Harness. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers.
Please note, we do not ask for sensitive or financial information via chat, text, or social media, and any email communications will come from the domain @harness.io. Additionally, Harness will never ask for any payment, fee to be paid, or purchases to be made by a job applicant. All applicants are encouraged to apply directly to our open jobs via our website. Interviews are generally conducted via Zoom video conference unless the candidate requests other accommodations.
If you believe that you have been the target of an interview/offer scam by someone posing as a representative of Harness, please do not provide any personal or financial information and contact us immediately at security@harness.io. You can also find additional information about this type of scam and report any fraudulent employment offers via the Federal Trade Commission’s website (https://consumer.ftc.gov/articles/job-scams), or you can contact your local law enforcement agency.