Software Engineer, Product Security

Why Harvey

At Harvey, we’re transforming how legal and professional services operate — not incrementally, but end-to-end. By combining frontier agentic AI, an enterprise-grade platform, and deep domain expertise, we’re reshaping how critical knowledge work gets done for decades to come.

This is a rare chance to help build a generational company at a true inflection point. With 500+ customers in 50+ countries, strong product-market fit, and world-class investor support, we’re scaling fast and defining a new category in real time. The work is ambitious, the bar is high, and the opportunity for growth — personal, professional, and financial — is unmatched.

Our team is sharp, motivated, and deeply committed to the mission. We move fast, operate with intensity, and take real ownership of the problems we tackle — from early thinking to long-term outcomes. We stay close to our customers — from leadership to engineers — and work together to solve real problems with urgency and care. If you thrive in ambiguity, push for excellence, and want to help shape the future of work alongside others who raise the bar, we invite you to build with us.

At Harvey, the future of professional services is being written today — and we’re just getting started.

Role Overview

Some of the world's largest companies and their law firms use Harvey’s AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time. 

Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else.

As part of the Product Security team, you’ll help ensure Harvey is built in the most secure way possible. You’ll take ownership of securing a specific part of the product and build strong relationships with the developers working in that area. With these insights, you’ll advocate for and implement high-leverage security controls across the organization.

Our security program at Harvey is driven by our collective offensive security experience: Breaking into systems at other companies (in white-hat capacities), responding to real security incidents, and learning from other companies’ data breaches. We regularly conduct penetration tests and red team exercises with external security firms. At the same time, we are all software engineers - contributing code daily and approaching security with an engineering-first mindset. 

What You’ll Do

• Partner closely with engineering teams to incorporate secure design principles at every stage of development

• Review security-critical code and own key parts of the product, including authentication and access control

• Contribute meaningfully to the Harvey code base. Some prior projects include:

  • Refactoring our authentication stack to improve streamline execution

  • Removing password use from the application

  • Designing secure APIs for critical data access

• Build secure-by-default libraries and tools that make the secure path the easiest and most attractive choice for developers and their AI agents

• Audit the existing codebase for vulnerabilities

• Improve our static analysis and vulnerability management tooling

• Discover vulnerabilities through red team exercises

• Participate in and drive mitigation strategies during security related incident responses

What You Have 

• 4+ years of experience in product security, application security, offensive security, and/or security-focused software engineering

• Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams

• Proven ability to identify software vulnerabilities, demonstrated through CVEs, bug bounty awards, blog posts, or prior work experience

• Strong communication and collaboration skills, particularly with engineering teams

Bonus

• Open source contributions

• Experience managing cloud environments (e.g. Azure, GCP, AWS)

• Experience working at or with a small company or a hyper-growth startup

Compensation Range

$215,000 - $250,000 USD

Please find our CA applicant privacy notice here.

#LI-KV1

Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made by emailing interview-help@harvey.ai.