Staff Infrastructure Security Engineer
About The Position
Some of the world's largest companies and their law firms use Harvey’s AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time. Security is at the heart of what we do. Our customers trust us with their most sensitive data, and we take that responsibility seriously. As part of our team, you’ll help us maintain a secure, trustworthy, and compliant platform—an essential foundation for everything we build. As a Staff Infrastructure Security Engineer, you’ll set the technical direction for secure-by-default infrastructure security across Harvey’s platform, establishing the patterns and standards the broader engineering organization builds on.This includes designing and implementing processes and technologies for least privilege, isolating different components, managing attack surface, and implementing layers of tenant isolation on our multi-tenant SaaS offering. You’ll also create frameworks and repeatable patterns that enable our research and engineering teams to move quickly and independently—without sacrificing security. Our security program at Harvey is driven by our collective offensive security experience: breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We regularly conduct penetration tests and red team exercises. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset.
Requirements
- 8+ years experience in Security Engineering, Software Engineering, or Site Reliability Engineering roles
- Demonstrated experience writing high-quality software and building production-grade infrastructure and raising the quality bar of engineering teams
- Strong fundamentals in networking, operating systems, and cryptographic protocols
- In-depth knowledge of Kubernetes, common misconfigurations, and privilege escalation vectors
- Demonstrated ability to find weaknesses (e.g. privilege escalation) in real-world cloud environments
- Experience applying security best practices in cloud environments (AWS, Azure, or Google Cloud)
- Track record of driving cross-functional security initiatives and influencing engineering decisions across teams
- Experience setting security standards and best practices at an organizational scale
Nice To Haves
- Familiarity with large-scale Infrastructure as Code (IaC) deployments
- Familiarity with Kubernetes Admission Controllers and policy enforcement
- Exposure to multi-cloud environments
- No experience with generative AI or legal required
Responsibilities
- Incorporate secure design principles into our cloud architecture.
- Develop isolation mechanisms (e.g. sandboxing) in collaboration with our product engineering team
- Review security-critical configuration changes and act as Codeowner for security-critical parts of our cloud configurations (everything is IaC)
- Audit our existing cloud environment for vulnerabilities
- Develop policies and procedures for the secure creation and operation of our cloud environments
- Define Harvey’s infrastructure security architecture and multi-year roadmap, translating security requirements into concrete engineering investments
- Establish reusable security patterns, standards, and guardrails that enable product and platform teams to build securely by default
- Mentor and develop other security engineers on the team, raising the overall technical bar
Benefits
- Compensation Range $220,000 - $330,000 USD
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
