×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Cloud Computing

Security Research Engineer

Job in Mountain View, Santa Clara County, California, 94039, USA
Listing for: Menlo Ventures
Full Time position
Listed on 2025-12-11
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing
Job Description & How to Apply Below
Position: Staff Security Research Engineer

Harness is a high-growth company that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers’ pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs.

The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights and continues to expand at an incredibly fast pace.

Position Summary

Harness is expanding into Dev Sec Ops  with the integration of Traceable, and we're hiring a Staff or Principal Security Research Engineer to help lead the charge. This is a rare opportunity to work with visionary leaders like Jyoti Bansal and help shape security across the modern software delivery lifecycle—from code to cloud.

You'll drive research into cutting‑edge threats targeting APIs, CI/CD pipelines, and emerging technologies like LLMs. Your work will directly influence product direction, detection capabilities, and customer protection strategies. This is a hands‑on, high‑impact role where you’ll collaborate across teams, interface with top‑tier customers, and represent Harness at leading security conferences.

If you're passionate about solving hard security problems at scale, this role puts you at the center of innovation in a fast‑growing Dev Sec Ops  platform.

About the role
  • Conduct cutting‑edge research on modern attack vectors across App Sec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
  • Develop and refine advanced exploit techniques to prevent attacks targeting software delivery, runtime from code to cloud
  • Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
  • Perform in‑depth security assessments and penetration testing of web applications, APIs, build systems, and cloud‑native environments
  • Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
  • Support pre‑sales, POCs, and post‑sales engagements by troubleshooting and solving complex detection and protection challenges
  • Build internal tools to automate and enhance security research workflows.
  • Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
  • Analyze global cybersecurity incidents to extract learnings and apply them across domains
About you
  • Bachelor's or Master's degree in Computer Science.
  • 8-10+ years of work experience
  • Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
  • Prior development experience and a fair understanding of programming languages and frameworks are a must
  • Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
  • Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
  • Strong foundation in computer science fundamentals, identity aware, network, application and runtime security
  • Strong experience with various pen testing tools like Burpsuite, ZAP, etc.
  • Strong applied knowledge of attacks in Web/API eco‑system - Web attacks, API attacks, API abuse, API Fraud, ATO, etc.
  • Strong knowledge of modern application security threats and mitigation platforms like (WAFs, WAAP, RASP, etc.).
  • Working knowledge of IAST, DAST, and SAST
  • Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
  • Proven track record of publishing high‑quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
  • Certifications such as CEH, OSCP, OSCE, or relevant security credentials
  • Strong analytical skills and the ability to conduct complex security research autonomously
  • Ability to work autonomously and drive complex security…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search