Staff Security Engineer - GRC

A Staff Security Engineer will be a member of the GRC team working within the Information Security organization and across the business to advise, build, and operate security and compliance programs at scale.  Utilizing in-depth expertise across multiple disciplines, a Senior Security Analyst is responsible for executing various components of Harness’ security posture and overseeing end-to-end solutions to complex problems.

 

As a Staff Security Engineer, you will lead security efforts to acquire and maintain compliance certifications (e.g., SOC 2, ISO 27001, ISO 27017, ISO 27018,  PCI-DSS, and HIPAA), design solutions that enable Harness’ security goals, and collaborate directly with business and engineering teams to preserve velocity while ensuring security.  You will be responsible for defining and implementing security and compliance capabilities, as well as leading efforts to provide transparency to customers, prospects, and internal stakeholders.

In this role, you will: 

• Own the PCI-DSS program at Harness as the subject matter expert
• Design, implement, and continuously monitor PCI-DSS controls, collaborating with engineering teams to ensure the PCI environment is properly scoped, segmented, and secured;
• Contribute precise and actionable guidance to ensure security and privacy by design for engineering and business initiatives;
• Lead and deliver internal and external audits, risk assessments, and annual compliance certifications across the technical estate;
• Execute core security capabilities such as policy and procedure development, and security awareness and training requirements;  
• Support customer trust initiatives such as reviewing contracts for security and privacy requirements, completing questionnaires and requests, and maintaining our customer trust portal; 
• Continuously monitor and manage supply chain security and vendor risk management;
• Drive security and compliance across the business through empathetic partnership.
• Measure control and program effectiveness, recommending new strategies to manage risk;
• Articulate Harness’s security capabilities and controls to enterprise customers or auditors; and 
• Identify security gaps, develop or support the development of a path forward to address them, and ensure the plan is fully executed and working as intended.

About You

• You have at least 5-8 years of relevant industry experience.
• You have exposure to industry regulations, frameworks, and compliance certifications (ISO 27001, SOC 2, PCI, NIST, FedRAMP, SOX, HIPAA etc.);
• You have previous experience in a cloud-native environment (AWS, GCP, or Azure);
• You have previous experience assessing and utilizing AI in a secure environment.
• You have exposure to or experience with Kubernetes, SBOMs, SLSA, and/or DLP
• You have previous experience with GRC tools or building automation.
• You have a strong cybersecurity acumen.
• You have a solid technical proficiency.
• You want to work in a high-growth environment and build new programs from scratch;
• You have a keen attention to detail.
• You are comfortable handling the unknown, and you can bring clarity to ambiguous situations; and,
• You are proactive, results-driven, and an excellent collaborator and communicator.

Bonus Points!

• You hold relevant security or technical certifications (ISO 27001 Lead Implementer or Lead Auditor, PCI QSA, CISA, CISSP, AWS/GCP Professional).
• You are familiar with what’s going on under the hood of the AWS or GCP console and can speak to best practices for configuration and management. 
• You are eager to learn and to invest your knowledge in junior colleagues.  
• You like to automate the boring stuff.  

Work Location

• Bangalore, India