Senior / Staff Product Security Engineer

San Francisco


Why Harvey

Harvey will be a category-defining company for the application layer built on top of foundation models like GPT-4.

  • Exceptional product market fit: multiple multi-million dollar deals with the largest professional service providers (e.g. PwC) and the largest law firms on Earth (e.g. Allen & Overy).

  • Massive demand: 15,000 law firms on our waitlist.

  • World-class team: ex-DeepMind, Google Brain, FAIR, Tesla Autopilot. Former founding engineers at $1B+ startups like Superhuman and Glean.

  • Work directly with OpenAI to build the future of generative AI and redefine professional services.

  • Top of market cash and equity compensation.


We are building systems that can automate the most complex knowledge work in the world, e.g. billion dollar litigations and corporate transactions.

  • Dealing with the most sensitive data in the world: client data from the largest companies in the world.

  • Working past the edge of published AI research: tackling problems far beyond the complexity of existing AI benchmarks.

  • Unsolved product, architectural, and business problems: natural language interfaces, prohibitively expensive evaluation of models, massive marginal costs, versioning / training / segregating models per task / legal system / practice area / client and client’s clients.


Some of the world’s largest companies and their law firms use Harvey to make sense of their legal documents and automate legal work. Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else.

You will report to our Head of Security and take ownership of Product Security at Harvey. As an early member of our Security team, you will help lay the foundations of the security and privacy of our products.

Our security program at Harvey is driven by our collective offensive security experience: Breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We conduct regular pentests and red team exercises with external security firms.


  • Work closely with engineering teams to incorporate secure design principles into engineering designs.

  • Review security-critical code and act as Codeowner for security-critical parts of the product, including authentication, access control, and administration.

  • Make well-scoped code contributions, e.g. add unit and integration tests for security controls, implement security features in collaboration with engineering teams

  • Manage the security aspects of our release process

  • Audit the existing codebase for vulnerabilities

  • Improve our static analysis and vulnerability management tooling

  • Discover vulnerabilities through red team exercises

  • Participate in and drive mitigation strategies during security-related incident responses.


  • Experience working at or with a small company or a hyper-growth startup.

  • Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams.

  • Demonstrated ability to identify vulnerabilities in software, e.g. through CVEs, bug bounty awards, blog posts, prior work experience, etc.

  • Experience with generative AI or legal is not required.


  • 4+ years’ experience in security-focused software engineering.

  • Corresponding Google level is L5-L6: Senior or Staff.


  • Open source contributions.

  • Experience managing cloud environments (e.g. Azure, GCP, AWS)

Let’s build the future together.