Product Security Engineer

Harvey is a secure AI platform for legal and professional services that augments productivity and automates complex workflows. Harvey uses algorithms with reasoning-adept LLMs that have been customized and developed by our expert team of lawyers, engineers and research scientists. We’ve found product market fit and are scaling our team very quickly. Some reasons to join Harvey are:

• Exceptional product market fit: We have partnered with the largest law firms and professional service providers in the world, including Paul Weiss, A&O Shearman, Ashurst, O'Melveny & Myers, PwC, KKR, and many others.

• Strategic investors: Raised over $500 million from strategic investors including Sequoia, Google Ventures, Kleiner Perkins, and OpenAI.

• World-class team: Harvey is hiring the best talent from DeepMind, Google Brain, Stripe, FAIR, Tesla Autopilot, Glean, Superhuman, Figma, and more.

• Partnerships: Our engineers and researchers work directly with OpenAI to build the future of generative AI and redefine professional services.

• Performance: 4x ARR in 2024.

• Competitive compensation.

Some of the world's largest companies and their law firms use Harvey’s AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time. 

Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else.

As part of the Product Security team, you’ll help ensure Harvey is built in the most secure way possible. You’ll take ownership of securing a specific part of the product and build strong relationships with the developers working in that area. With these insights, you’ll advocate for and implement high-leverage security controls across the organization.

Our security program at Harvey is driven by our collective offensive security experience: Breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset. 

• Partner closely with engineering teams to incorporate secure design principles at every stage of development

• Review security-critical code and own key parts of the product, including authentication and access control

• Contribute meaningfully to the Harvey code base. Some prior projects include:

  • Refactoring our authentication stack to improve streamline execution

  • Removing password use from the application

  • Designing secure APIs for critical data access

• Build secure-by-default libraries and tools that make the secure path the easiest and most attractive choice for developers and their AI agents

• Audit the existing codebase for vulnerabilities

• Improve our static analysis and vulnerability management tooling

• Discover vulnerabilities through red team exercises

• Participate in and drive mitigation strategies during security related incident responses

• 4+ years of experience in product security, application security, offensive security, and/or security-focused software engineering

• Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams

• Proven ability to identify software vulnerabilities, demonstrated through CVEs, bug bounty awards, blog posts, or prior work experience

• Strong communication and collaboration skills, particularly with engineering teams

• Open source contributions

• Experience managing cloud environments (e.g. Azure, GCP, AWS)

• Experience working at or with a small company or a hyper-growth startup

Please find our CA applicant privacy notice here.

Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.

We are in the early innings of a generational company. Joining early at a hypergrowth startup has proven to lead to exponential growth in responsibility, access, and ability. Apply here today!