OR · On-site
Lead manual and automated code review efforts to discover vulnerabilities, weaknesses, and anti-patterns in the Harness platform. * Implement and operate security tooling including SAST, DAST, and ...
Sr. II Security Analyst - Vulnerabilities
New York, NY · On-site
$105K - $137K/yr
Proactively discover and enumerate vulnerabilities that may not be caught by our scanning tool (e.g. devices default passwords and open Windows shares) * Coordinate remediation efforts with ...
Sr. II Security Analyst - Vulnerabilities
New York, NY · On-site
$105K - $137K/yr
Proactively discover and enumerate vulnerabilities that may not be caught by our scanning tool (e.g. devices default passwords and open Windows shares) * Coordinate remediation efforts with ...
Sr. Security Engineer, AWS Security
Seattle, WA · On-site
$130K - $178K/yr
You'll execute complex security assessments, discover vulnerabilities in AWS infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Sr. Security Engineer, AWS Security
Seattle, WA · On-site
$130K - $178K/yr
You'll execute complex security assessments, discover vulnerabilities in AWS infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Sr. Security Engineer, AWS Security
Seattle, WA · On-site
$130K - $178K/yr
You'll execute complex security assessments, discover vulnerabilities in AWS infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Sr. Security Engineer, AWS Security
Seattle, WA · On-site
$130K - $178K/yr
You'll execute complex security assessments, discover vulnerabilities in AWS infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Tempest Engineer
Linthicum, MD · On-site
$200K - $220K/yr
Perform TEMPEST Field testing of cryptographic equipment to discover vulnerabilities in secure systems. * Provide Subject Matter Expert (SME) support when a cryptographic device has a TEMPEST ...
Tempest Engineer
Linthicum, MD · On-site
$200K - $220K/yr
Perform TEMPEST Field testing of cryptographic equipment to discover vulnerabilities in secure systems. * Provide Subject Matter Expert (SME) support when a cryptographic device has a TEMPEST ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Quick apply
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Responsible reporting of security related incidents including development of protective or corrective measures to discover vulnerabilities. * Familiarity with conducting research and analysis ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
... tests; discover vulnerabilities in information systems. 10. Participate in IT security compliance and audit efforts (eg PCI DSS ) Qualifications College degree (relevant field) or equivalent ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
... tests; discover vulnerabilities in information systems. 10. Participate in IT security compliance and audit efforts (eg PCI DSS ) Qualifications College degree (relevant field) or equivalent ...
Working side by side with top-tier CNO developers and hardware engineers, you'll discover vulnerabilities and create proof of concepts on embedded systems. Our fast-growing roster of government ...
Working side by side with top-tier CNO developers and hardware engineers, you'll discover vulnerabilities and create proof of concepts on embedded systems. Our fast-growing roster of government ...
Systems Engineer
Mclean, VA · On-site
Conduct penetration testing to discover vulnerabilities in the systems before they can be exploited Position Requirements: * 4 to 8 years of relevant professional experience OR 0 to 4 years of ...
Systems Engineer
Mclean, VA · On-site
Conduct penetration testing to discover vulnerabilities in the systems before they can be exploited Position Requirements: * 4 to 8 years of relevant professional experience OR 0 to 4 years of ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. MEANINGFUL WORK AND PERSONAL IMPACT As an Operations Analyst Technician, the work youll do at ARMA will ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. MEANINGFUL WORK AND PERSONAL IMPACT As an Operations Analyst Technician, the work youll do at ARMA will ...
Senior Security Engineer, AI Red Team, Threat Operations
$117K - $160K/yr
You'll execute complex security assessments, discover vulnerabilities in AI infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Senior Security Engineer, AI Red Team, Threat Operations
$117K - $160K/yr
You'll execute complex security assessments, discover vulnerabilities in AI infrastructure and applications, and translate technical findings into actionable recommendations. This position requires ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
... discover vulnerabilities in information systems. 10. Participate in IT security compliance and audit efforts (eg PCI DSS ) Qualifications • College degree (relevant field) or equivalent experience ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
... discover vulnerabilities in information systems. 10. Participate in IT security compliance and audit efforts (eg PCI DSS ) Qualifications • College degree (relevant field) or equivalent experience ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. MEANINGFUL WORK AND PERSONAL IMPACT As an Operations Analyst Technician, the work you'll do at ARMA will ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. MEANINGFUL WORK AND PERSONAL IMPACT As an Operations Analyst Technician, the work you'll do at ARMA will ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. * Experience with knowledge management, legal implications of identity data and US policy in conducting ...
Experience conducting online research and analysis for discover, vulnerabilities, and threats. * Experience with knowledge management, legal implications of identity data and US policy in conducting ...
Systems Engineer
Mclean, VA · On-site
Conduct penetration testing to discover vulnerabilities in the systems before they can be exploited Position Requirements: * 4 to 8 years of relevant professional experience OR 0 to 4 years of ...
Systems Engineer
Mclean, VA · On-site
Conduct penetration testing to discover vulnerabilities in the systems before they can be exploited Position Requirements: * 4 to 8 years of relevant professional experience OR 0 to 4 years of ...
Working side by side with top-tier CNO developers and hardware engineers, you'll discover vulnerabilities and create proof of concepts on embedded systems. Our fast-growing roster of government ...
Working side by side with top-tier CNO developers and hardware engineers, you'll discover vulnerabilities and create proof of concepts on embedded systems. Our fast-growing roster of government ...
Discover Vulnerabilities information
What is the difference between Discover Vulnerabilities vs Penetration Tester?
| Aspect | Discover Vulnerabilities | Penetration Tester |
|---|---|---|
| Certifications | CompTIA Security+, CEH | OSCP, CEH, GPEN |
| Work Environment | Security teams, vulnerability management tools | Ethical hacking engagements, simulated attacks |
| Industry Usage | IT security, risk assessment | Security consulting, offensive security |
| Search & Comparison Intent | Understanding vulnerability identification | Assessing security through active testing |
Discover Vulnerabilities focuses on identifying security weaknesses within systems, often through scanning and analysis. Penetration Testers go a step further by actively exploiting these vulnerabilities to evaluate security defenses. While both roles require similar certifications and work in cybersecurity, penetration testers perform simulated attacks to test defenses, whereas discover vulnerabilities primarily involves detection and reporting.
Job description
About the Role
Product Security is responsible for ensuring the continuous security of Harness customer-facing products and internal tools. The team is focused on proactively discovering security weaknesses, driving and advising risk remediation, building a paved road for developers to adopt secure development practices, and developing partnerships with engineering and product teams to accelerate the release of software with security by design.
The Staff Product Security Engineer is a senior individual contributor who sets the technical direction for Harness's product security posture. You will define programs, lead complex cross-team initiatives, and make foundational decisions that protect our platform and customers at scale. You operate with significant autonomy, are expected to influence engineering culture, and are the go-to authority on security architecture and strategy.
What You Will Do- Design and develop product security APIs, tools, and utilities for internal and external stakeholders.
- Conduct threat modeling and secure design reviews for application backend services and business integrations.
- Perform advanced penetration tests and adversarial attack simulations against Harness modules, APIs, and codebase using industry-standard frameworks.
- Lead manual and automated code review efforts to discover vulnerabilities, weaknesses, and anti-patterns in the Harness platform.
- Implement and operate security tooling including SAST, DAST, and SCA, and integrate these into CI/CD pipelines.
- Consult and advise developers and Product Managers on security standards, vulnerability remediation, and security architecture.
- Assess risks and trade-offs, and propose solutions for product security features such as authentication and authorization.
- Participate in the creation, review, and implementation of technical security standards across global engineering teams.
- Use the Harness platform to integrate security processes like vulnerability management into the SDLC.
- Collaborate cross-functionally with Engineering and Product to accelerate the release of software with security by design.
- BS in Computer Science or a related degree.
- 5+ years of relevant industry experience with a strong security focus.
- Solid experience with DevSecOps practices and secure SDLC methodologies.
- Good working knowledge of cyber security frameworks including OWASP, SANS, NIST, and CIS.
- Ability to describe software supply chain risks and Secure SDLC best practices.
- Experience with public or private cloud environments such as K8s, AWS, GCP, or Azure.
- Professional knowledge of enterprise applications, API development, and modern software delivery processes.
- Previous experience in a cloud-native environment.
- Proficiency in Java or a comparable language and object-oriented programming methodology.
- Hands-on experience with security testing tools and vulnerability management workflows.