Product Security Engineer

Why Harvey

Harvey is a secure AI platform for professionals in law, tax, and finance that augments productivity and automates complex workflows. Harvey uses algorithms with reasoning-adept LLMs that have been customized by our expert team of lawyers, engineers and research scientists. We’ve found product market fit and are scaling our team very quickly. Some reasons to join Harvey are:

• Exceptional product market fit: We have partnered with the largest law firms and professional service providers in the world like A&O, PwC, and many others.
• Strategic investors: Raised over $100 million from strategic investors including Sequoia, Kleiner Perkins, and the OpenAI Startup Fund.
• World-class team: Harvey is hiring the best technical and non-technical talent from places like DeepMind, Google Brain, Stripe, FAIR, Tesla Autopilot, Superhuman, and Glean.
• Partnerships: Our engineers and researchers work directly with OpenAI to build the future of generative AI and redefine professional services.
• Performance: $0-20M ARR in the last 12 months.
• Value: Top of market cash and equity compensation.

Role

Some of the word’s largest companies and their law firms use Harvey to make sense of their legal documents and automate legal work. Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else.

You will report to our Head of Security and take ownership of Product Security at Harvey. As an early member of our Security team, you will help lay the foundations of the security and privacy of our products.

Our security program at Harvey is driven by our collective offensive security experience: Breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We conduct regular pentests and red team exercises with external security firms.

Responsibilities

• Closely work with engineering teams to incorporate secure design principles into engineering designs.
• Review security-critical code and act as Codeowner for security-critical parts of the product, including authentication, access control, and administration.
• Make well-scoped code contributions, e.g. add unit and integration tests for security controls, implement security features in collaboration with engineering teams.
• Manage the security aspects of our release process.
• Audit the existing codebase for vulnerabilities.
• Improve our static analysis and vulnerability management tooling.
• Discover vulnerabilities through red team exercises.
• Participate in and drive mitigation strategies during security related incident responses.

Qualifications

• 4+ years’ experience in security-focused software engineering.
• Experience working at or with a small company or a hyper-growth startup.
• Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams.
• Demonstrated ability to identify vulnerabilities in software, e.g. through CVEs, bug bounty awards, blog posts, and prior work experience.

Bonus

• Open source contributions.
• Experience managing cloud environments (e.g. Azure, GCP, AWS)

Compensation

In consideration of market analysis and relevant factors, the salary range for this position is set between $200,000 and $280,000. However, adjustments outside of this range may be considered for candidates whose qualifications significantly differ from those outlined in the job description. Additionally, this role is eligible to participate in our equity plan and benefits program. Benefits include, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits (401k match up to 4%), and flexible PTO.

Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.