Shape the Future of AI Security: Staff Software Engineer, Product Security at Harvey
At Harvey, we're not just iterating; we're redefining how legal and professional services operate. By merging cutting-edge agentic AI, an enterprise-grade platform, and unparalleled domain expertise, we are fundamentally reshaping critical knowledge work for decades to come. This is a rare opportunity to join a generational company at a true inflection point.
With over 1000 customers in 60+ countries, validated product-market fit, and world-class investor backing, we're experiencing hyper-growth and actively defining a new category. The work is ambitious, the bar is exceptionally high, and the potential for personal, professional, and financial growth is unmatched.
Our team is comprised of sharp, motivated individuals deeply committed to our mission. We operate with speed and intensity, taking full ownership from initial concept to long-term outcomes. We maintain close relationships with our customers, ensuring we solve real problems with urgency and care. If you thrive in ambiguity, demand excellence, and are eager to shape the future of work alongside those who consistently raise the bar, we invite you to build with us.
At Harvey, the future of professional services is being written today – and we're just getting started.
Your Mission: Staff Software Engineer, Product Security – Securing Transformative AI
As a Staff Software Engineer on Harvey's Product Security team, you will play a pivotal role in embedding security deep into the DNA of our AI platform. Given that we store and process our customers’ most sensitive data, security isn't just a feature; it's paramount across every stage of our product lifecycle. You will lead the charge in securing critical product areas, driving high-leverage security initiatives that elevate the entire engineering organization's posture. This role demands a blend of hands-on technical mastery, cross-functional leadership, and impactful mentorship – a truly unique opportunity to define and build a product security program within a rapidly scaling company.
Our security philosophy is forged by collective offensive security experience: from white-hat system penetration and real-world incident response to deep dives into past data breaches. We rigorously engage in penetration tests and red team exercises with external security firms. Crucially, we are software engineers first and foremost, contributing code daily and approaching security with an engineering-centric mindset.
What You'll Deliver: Define, own, and execute the product security roadmap, strategically prioritizing initiatives based on risk, business impact, and engineering maturity. What You Bring to Harvey: 8+ years of hands-on experience in product security, application security, offensive security, and/or security-focused software engineering. Nice to Have: Experience building security programs or practices from the ground up within hyper-growth startups. Compensation: Depending on your location, an Applicant Privacy Notice may apply to you. You can find all of our Applicant Privacy Notices here.
Establish and continuously evolve the security posture across the entire engineering organization, setting scalable standards that grow with Harvey.
Collaborate closely with Product Engineering, Infrastructure, and Platform teams to integrate secure design principles from inception to deployment.
Own and rigorously review security-critical code, particularly in core areas like authentication and access control.
Architect and implement secure-by-default libraries and tools, making the most secure development path the easiest choice for our engineers.
Lead mitigation strategies during security incident responses, orchestrating seamless cross-functional efforts.
Elevate the security expertise across teams by mentoring engineers, conducting thorough code and design reviews, and providing expert technical guidance.
A demonstrated track record of identifying and remediating software vulnerabilities, evidenced by CVEs, bug bounty awards, published research, or significant prior work experience.
Proven ability to lead complex cross-functional security initiatives, delivering measurable improvements and influencing engineering teams without direct authority.
Experience mentoring senior engineers and fostering security talent within an engineering organization.
Exceptional programming skills, with a proven ability to write high-quality, production-grade software.
Outstanding communication and collaboration skills, particularly in translating complex security risks into clear business terms for non-security stakeholders.
Deep expertise with cloud environments (Azure, GCP, AWS) and cloud-native security patterns.
Familiarity with AI/ML systems and the emerging security considerations for large language model (LLM)-based applications.
$220,000 - $330,000
#LI-KV1
Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.
We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made by emailing [email protected]