Staff Software Engineer (AppSec)

Harness | Mountain View, CA
5d | $181,000 - $226,000

About The Position

This role comes under the AppSec Foundations charter, focused on designing and developing core authentication, authorization, and common services infrastructure that powers Harness's security ecosystem. The team is responsible for building foundational RBAC systems, service-to-service authentication, audit logging, and common security services that enable secure access control across all Harness modules including AppSec Platform, CI/CD, and other product offerings. The Foundations team serves as the security backbone for Harness's multi-product platform, providing essential authentication and authorization services that ensure secure, scalable access management across the entire software delivery lifecycle.

Requirements

  • Education: Bachelor's or Master's degree in Computer Science, Software Engineering, or related technical field
  • Experience: 6-10 years of backend engineering experience with strong focus on security, authentication, and distributed systems
  • Core Technologies: Proficiency in JVM-based languages (Java, Scala, Kotlin) with expertise in building production-grade microservices
  • Security Expertise: Deep understanding of authentication protocols (OAuth 2.0, OIDC, JWT), RBAC systems, and modern authorization patterns
  • API Development: Experience with RESTful APIs, GraphQL, and designing secure API architectures with proper access controls
  • Distributed Systems: Strong knowledge of distributed system patterns, service mesh architectures, and microservices design principles
  • Database Technologies: Experience with both SQL and NoSQL databases, with understanding of data security and encryption at rest
  • Cloud Platforms: Hands-on experience with cloud platforms (AWS, GCP, Azure) and container orchestration (Kubernetes)

Nice To Haves

  • Experience with secrets management systems (HashiCorp Vault, AWS Secrets Manager, etc.)
  • Knowledge of compliance frameworks (SOC 2, FedRAMP, GDPR) and enterprise security requirements
  • Understanding of CI/CD security patterns and DevSecOps practices
  • Experience with audit logging systems and SIEM integration
  • Familiarity with infrastructure as code and GitOps methodologies
  • Previous experience in security-focused engineering roles or enterprise authentication systems

Responsibilities

  • You will design and implement scalable authentication and authorization systems using modern RBAC patterns and industry best practices
  • You will build high-performance, low-latency microservices for identity management, token validation, and access control that serve millions of API calls
  • You will develop audit logging and compliance systems that meet enterprise security requirements and regulatory standards
  • You will collaborate closely with AppSec Platform, CI/CD, and other product teams to integrate security services seamlessly
  • You will solve complex distributed systems challenges around service-to-service authentication, token management, and secrets rotation
  • You will work with SRE teams to ensure high availability and operational excellence of critical security infrastructure
  • You will contribute to API design and GraphQL schemas that provide secure, efficient access to organizational resources