Staff Security Research Engineer
| Company | Harness |
|---|---|
| Location | Mountain View, CA, USA |
| Salary | $180000 – $235000 |
| Type | Full-Time |
| Degrees | Bachelor’s, Master’s |
| Experience Level | Senior, Expert or higher |

Requirements
- Bachelor’s or Master’s degree in Computer Science.
- 8-10+ years of work experience
- Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
- Prior development experience and a fair understanding of programming languages and frameworks are a must
- Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
- Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
- Strong foundation in computer science fundamentals and in identity-aware, network, application, and runtime security
- Strong experience with various pen testing tools like Burp Suite, ZAP, etc.
- Strong applied knowledge of attacks in the Web/API ecosystem – Web attacks, API attacks, API abuse, API fraud, ATO, etc.
- Strong knowledge of modern application security threats and mitigation platforms (WAFs, WAAP, RASP, etc.)
- Working knowledge of IAST, DAST, and SAST
- Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
- Strong analytical skills and the ability to conduct complex security research autonomously
- Ability to work autonomously and drive complex security investigations from hypothesis to implementation
Responsibilities
- Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
- Develop and refine advanced exploit techniques to prevent attacks targeting software delivery and runtime, from code to cloud
- Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
- Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments
- Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
- Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges
- Build internal tools to automate and enhance security research workflows
- Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
- Analyze global cybersecurity incidents to extract learnings and apply them across domains
Preferred Qualifications
- Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
- Certifications such as CEH, OSCP, OSCE, or relevant security credentials