Senior Product Security Engineer

Why Harvey At Harvey, we’re transforming how legal and professional services operate. By combining frontier agentic AI, an enterprise-grade platform, and deep domain expertise, we’re reshaping how critical knowledge work gets done for decades to come. This is a rare chance to help build a generational company at a true inflection point. With 1500+ customers in 60+ countries, strong product-market fit, and world-class investor support, we’re scaling fast and defining a new category in real time. The work is ambitious, the bar is high, and the opportunity for growth — personal, professional, and financial — is unmatched. Our team moves fast, takes ownership, and is deeply committed to the mission — operating with intensity, staying close to our customers, and pushing each other for excellence. We live by three values: Decisiveness, Simplicity, and Job's Not Finished. We act quickly on clear judgment over perfect information, we believe simplicity is what scales, and we're never satisfied with where we are. If you want to do the best work of your career alongside people who share that drive, we'd love to build with you. At Harvey, the future of professional services is being written today — and we’re just getting started. Role Overview As a Senior Software Engineer on the Product Security team at Harvey, you'll be a key technical contributor shaping how security is built into our AI platform. We store and process our customers’ most sensitive data, and as a result, security is paramount at every stage of our product lifecycle. You'll own the security of critical product areas, conduct deep vulnerability research and code review, and partner closely with engineering teams to raise the security bar in the areas you work in (both for humans and agents). You’ll implement both technical controls and security features within the Harvey platform. Our security program is driven by our collective offensive security experience: breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset. What You’ll Do Help define and implement security standards across the teams you partner with Incorporate secure design principles at every stage of development Own and review security-critical code across key parts of the product, including authentication and access control Build secure-by-default libraries and tooling that make secure path easier for the engineers Drive mitigation during security-related incidents, working cross-functionally as needed with Detection & Response as well as other teams Mentor engineers and raise the security bar across teams through code reviews, design reviews, and technical guidance What You Have  5+ years of experience in product security, application security, offensive security, and/or security-focused software engineering Long track record of identifying and remediating software vulnerabilities, demonstrated through CVEs, bug bounty awards, published research, or prior work experience Ability to collaborate on cross-functional security initiatives and influence engineering teams on security best practices Experience educating engineers to improve security practices across a team Strong programming skills with demonstrated experience writing high-quality, production software Strong communication and collaboration skills across technical and non-technical audiences Track record of executing on complex security projects and delivering measurable security improvements Nice to Have Experience building security programs or practices at hyper-growth startups Background with cloud environments (Azure, GCP, AWS) and cloud-native security patterns Experience with AI/ML systems and emerging security considerations for LLM-based applications Compensation Range $188,000-282,000 USD Depending on your location, an Applicant Privacy Notice may apply to you. You can find all of our Applicant Privacy Notices [ here ]. #LI-KV1 Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made by emailing [email protected]

{
  "content_hash": "a5e9b627f97d018a3385221142a97baad12977d4597f52b574778054e97333ea",
  "source_hash": "e4367afa84143a926a057e0fb6a10c1a6a646d3d23e1adb9da9158bbeda8349a",
  "last_changed_at": "2026-05-29T05:52:07.134Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "San Francisco",
    "city": "San Francisco",
    "region": "CA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-19T09:21:24.291Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "San Francisco",
      "city": "San Francisco",
      "region": "CA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": null,
  "workplace_type": "hybrid",
  "salary_currency": null
}

{}

{
  "id": "50a8df2a-c50e-4326-ae90-0c9f8ee0cf1d",
  "team": "Security",
  "title": "Senior Product Security Engineer",
  "jobUrl": "https://jobs.ashbyhq.com/harvey/50a8df2a-c50e-4326-ae90-0c9f8ee0cf1d",
  "address": null,
  "applyUrl": "https://jobs.ashbyhq.com/harvey/50a8df2a-c50e-4326-ae90-0c9f8ee0cf1d/application",
  "isListed": true,
  "isRemote": false,
  "location": "San Francisco",
  "updatedAt": null,
  "apiVersion": "ashby-non-user-graphql-v1",
  "department": "Security",
  "publishedAt": null,
  "workplaceType": "Hybrid",
  "employmentType": "FullTime",
  "secondaryLocations": []
}