Staff Software Engineer (AppSec)

Position Summary

This role comes under the AppSec Foundations charter, focused on designing and developing core authentication, authorization, and common services infrastructure that powers Harness's security ecosystem. The team is responsible for building foundational RBAC systems, service-to-service authentication, audit logging, and common security services that enable secure access control across all Harness modules including AppSec Platform, CI/CD, and other product offerings.

The Foundations team serves as the security backbone for Harness's multi-product platform, providing essential authentication and authorization services that ensure secure, scalable access management across the entire software delivery lifecycle.

About the Role

• You will design and implement scalable authentication and authorization systems using modern RBAC patterns and industry best practices
• You will build high-performance, low-latency microservices for identity management, token validation, and access control that serve millions of API calls
• You will develop audit logging and compliance systems that meet enterprise security requirements and regulatory standards
• You will collaborate closely with AppSec Platform, CI/CD, and other product teams to integrate security services seamlessly
• You will solve complex distributed systems challenges around service-to-service authentication, token management, and secrets rotation
• You will work with SRE teams to ensure high availability and operational excellence of critical security infrastructure
• You will contribute to API design and GraphQL schemas that provide secure, efficient access to organizational resources

About You

• Education: Bachelor's or Master's degree in Computer Science, Software Engineering, or related technical field
• Experience: 6-10 years of backend engineering experience with strong focus on security, authentication, and distributed systems
• Core Technologies: Proficiency in JVM-based languages (Java, Scala, Kotlin) with expertise in building production-grade microservices
• Security Expertise: Deep understanding of authentication protocols (OAuth 2.0, OIDC, JWT), RBAC systems, and modern authorization patterns
• API Development: Experience with RESTful APIs, GraphQL, and designing secure API architectures with proper access controls
• Distributed Systems: Strong knowledge of distributed system patterns, service mesh architectures, and microservices design principles
• Database Technologies: Experience with both SQL and NoSQL databases, with understanding of data security and encryption at rest
• Cloud Platforms: Hands-on experience with cloud platforms (AWS, GCP, Azure) and container orchestration (Kubernetes)

Preferred Qualifications

• Experience with secrets management systems (HashiCorp Vault, AWS Secrets Manager, etc.)
• Knowledge of compliance frameworks (SOC 2, FedRAMP, GDPR) and enterprise security requirements
• Understanding of CI/CD security patterns and DevSecOps practices
• Experience with audit logging systems and SIEM integration
• Familiarity with infrastructure as code and GitOps methodologies
• Previous experience in security-focused engineering roles or enterprise authentication systems

Technical Focus Areas

• Authentication and Authorization Infrastructure
• RBAC and Access Control Systems
• Service-to-Service Authentication
• Audit Logging and Compliance
• API Security and Token Management
• Secrets Management and Rotation
• Common Security Services