Senior Product Security Engineer

Key Responsibilities

• Lead identification, triage, and remediation of vulnerabilities across the Harness platform and modules, partnering with engineering teams to establish SLAs and track progress.
• Collaborate with engineers to perform threat modeling for new and existing features, identifying risks early and providing actionable recommendations.
• Promote and implement Harness STO and SCS modules internally to demonstrate security best practices and drive adoption.
• Develop and integrate security controls and checks into CI/CD workflows to detect issues before deployment.
• Establish robust processes for software supply chain security, including dependency management and artifact integrity verification using SLSA
• Stay updated on emerging threats targeting software supply chains and adjust strategies proactively.
• Plan and execute periodic penetration tests to uncover vulnerabilities and validate security controls, working with internal teams and external testers.
• Leverage expertise in security scanners and tools (e.g., SAST, DAST, IAST, SCA) to ensure consistent testing and reporting.
• Evaluate and recommend security tools to align with organizational needs and improve testing coverage.
• Partner with engineering, platform, and DevOps teams to foster a security-first mindset through training and enablement.
• Support compliance initiatives by aligning product security practices with regulatory standards and maintaining audit documentation.

• Proven experience in product security, vulnerability management, and secure software development lifecycle practices.
• Hands-on expertise with security tools such as OWASP ZAP, Burp Suite, Checkmarx, SonarQube, or equivalent.
• Strong understanding of CI/CD processes, tools (e.g., Jenkins, GitHub Actions, Harness), and shift-left security approaches.
• Knowledge of secure coding practices, threat modeling methodologies, and supply chain security principles.
• Familiarity with different types of security testing SAST, DAST, IaC, SCA) and proficiency in evaluating scanning tools.
• Strong collaboration skills with engineering and DevOps teams to embed security practices effectively.
• Passion for fostering a security-first culture through enablement, training, and continuous improvement.
• Excellent communication skills to convey technical security concepts to diverse stakeholders.