Job Description

Harness is a high-growth company that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers’ pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs. The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights and continues to expand at an incredibly fast pace.

Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We’re backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.

Position Summary

An Engineering Manager (GRC) will be a member within the Information Security organization working across the business to advise, build, and operate security and compliance programs at scale. Using industry standards and best practices, an Engineering Manager (GRC) is responsible for delivering security projects, programs, and continuous compliance at scale.

As an Engineering Manager (GRC), you will participate in efforts to automate, improve, and maintain security and compliance requirements, design solutions that support Harness’ risk management and security goals (automating User Access Reviews, generating SBOMs, DLP management, etc.), and collaborate directly with business and engineering teams to preserve velocity with security. You will be responsible for defining, building, documenting, and implementing technical security and compliance controls and processes, and measuring the effectiveness of those programs and controls.

As an Engineering Manager (GRC) within the Information Security organization, you will work across the business to advise, build, and operate security and compliance programs at scale. You will deliver security projects, programs, and continuous compliance using industry standards and best practices.

In this role, you will automate, improve, and maintain security and compliance requirements. You will design solutions that support Harness’ risk management and security goals, such as automating User Access Reviews, generating SBOMs, and managing DLP. You will collaborate directly with business and engineering teams to preserve velocity with security. Additionally, you will define, build, document, and implement technical security and compliance controls and processes, and measure their effectiveness.

About The Role

• Design and develop GRC tools and utilities for internal and external stakeholders (IAM and Customer Trust Automation).
• Design and operate technical security and compliance controls across our cloud environments, systems, and end user workstations (CIS Benchmarks, STIGs, CSPM Remediation, Workstation Vulnerability Management, Browser Security).
• Use the Harness Software Delivery Platform to to generate SBOMs, ensure software integrity and compliance, and support efforts to maintain Supply-chain Levels for Software Artifacts (SLSA) Level 3.
• Manage Harness’ Data Loss Prevention (DLP) operations program across the organization
• Manage and remediate public rating security scores from third party applications.
• Become the Harness Platform subject matter expert, from the GRC perspective, to help generate Customer Trust collateral and whitepapers.

About You

• You have at least 7 years of relevant industry experience.
• You have previous experience in a cloud-native environment (AWS, GCP, or Azure);
• You want to work in a high-growth environment and build new programs from scratch;
• You are a self starter and able to work independently with little supervision
• You are proactive, results driven, an excellent collaborator and communicator.
• You care about the details, and are willing to ask questions when you’re unsure; and,
• You are comfortable handling the unknown, and seek to bring clarity in ambiguous situations.
• You are able to articulate complex and technical issues into business language
• You are an expert in python, javascript, and/or other languages
• You have exposure to or experience with Kubernetes, SBOMs, SLSA, DLP, and OPA