Software Engineer, Product Security

WHY HARVEY Harvey is a secure AI platform for legal and professional services that augments productivity and automates complex workflows. Harvey uses algorithms with reasoning-adept LLMs that have been customized and developed by our expert team of lawyers, engineers and research scientists. We've found product market fit and are scaling our team very quickly. Some reasons to join Harvey are: - Exceptional product market fit: We have partnered with the largest law firms and professional service providers in the world, including Paul Weiss https://news.bloomberglaw.com/business-and-practice/paul-weiss-assessing-value-of-ai-but-not-yet-on-bottom-line, A&O Shearman https://www.allenovery.com/en-gb/global/news-and-insights/news/ao-announces-exclusive-launch-partnership-with-harvey, Ashurst https://www.ashurst.com/en/who-we-are/our-news-work-market-recognition/ashurst-launches-global-harvey-partnership-following-extensive-firmwide-trial, O'Melveny & Myers, PwC https://www.pwc.com/gx/en/news-room/press-releases/2023/pwc-announces-strategic-alliance-with-harvey-positioning-pwcs-legal-business-solutions-at-the-forefront-of-legal-generative-ai.html, KKR, and many others. - Strategic investors: Raised over $500 million https://www.harvey.ai/blog/harvey-raises-series-d from strategic investors including Sequoia, Google Ventures, Kleiner Perkins, and OpenAI. - World-class team: Harvey is hiring the best talent https://www.linkedin.com/company/harvey-ai/people/ from DeepMind, Google Brain, Stripe, FAIR, Tesla Autopilot, Glean, Superhuman, Figma, and more. - Partnerships: Our engineers and researchers work directly with OpenAI to build the future of generative AI and redefine professional services. - Performance: 4x ARR in 2024. - Competitive compensation. ROLE OVERVIEW Some of the world's largest companies and their law firms use Harvey's AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time. Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else. As part of the Product Security team, you'll help ensure Harvey is built in the most secure way possible. You'll take ownership of securing a specific part of the product and build strong relationships with the developers working in that area. With these insights, you'll advocate for and implement high-leverage security controls across the organization. Our security program at Harvey is driven by our collective offensive security experience: Breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies' data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset. WHAT YOU'LL DO - Partner closely with engineering teams to incorporate secure design principles at every stage of development - Review security-critical code and own key parts of the product, including authentication and access control - Contribute meaningfully to the Harvey code base. Some prior projects include: - Refactoring our authentication stack to improve streamline execution - Removing password use from the application - Designing secure APIs for critical data access - Build secure-by-default libraries and tools that make the secure path the easiest and most attractive choice for developers and their AI agents - Audit the existing codebase for vulnerabilities - Improve our static analysis and vulnerability management tooling - Discover vulnerabilities through red team exercises - Participate in and drive mitigation strategies during security related incident responses WHAT YOU HAVE - 4+ years of experience in product security, application security, offensive security, and/or security-focused software engineering - Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams - Proven ability to identify software vulnerabilities, demonstrated through CVEs, bug bounty awards, blog posts, or prior work experience - Strong communication and collaboration skills, particularly with engineering teams BONUS - Open source contributions - Experience managing cloud environments (e.g. Azure, GCP, AWS) - Experience working at or with a small company or a hyper-growth startup

Harvey is a secure AI platform for legal and professional services that augments productivity and automates complex workflows. Harvey uses algorithms with reasoning-adept LLMs that have been customized and developed by our expert team of lawyers, engineers and research scientists. We've found product market fit and are scaling our team very quickly.