Remote Software Engineer, Security job at Harvest

Harvest Engineering

At Harvest, you’ll be working with a team of honest and respectful engineers who value giving and receiving feedback and trust that they can count on each other.

The Harvest Engineering Department consists of four divisions: Software Engineering, Operations Engineering, Data & Security Engineering, and Quality Engineering.

Our Security team works with all the Engineering departments to keep our web, mobile, and desktop applications safe and secure, while helping the rest of the company maintain a secure work environment.

Why We’re Hiring

Security at Harvest previously existed as a shared responsibility between different teams at Harvest. We are now taking an important step to create a dedicated Security team within the Engineering organization. The Security Engineer would be a founding member of this brand new team at Harvest.


As a Security Engineer at Harvest, you’ll be working to improve our security stance in all areas. Here are some real examples of the work we’ve done lately that might help you get a better idea of what this job entails:

  • Develop alerts to keep tabs on suspicious activity in our applications.
  • Monitor external credential breaches and force a password reset for users that could be affected.
  • Automate our security audits on work machines.
  • Deal with spam, credential stuffing, and fraud attempts.
  • Field a security researcher’s reports of security issues, from validation to fix and bounty award.
  • Improve our external and internal security documentation.

What You'll Do

  • Contribute to the development of security tooling, security policy, and product security.
  • Help manage our public bug bounty program: triaging, fixing and coordinating with affected teams to address valid findings.
  • Work side-by-side with cross-functional development teams, bringing awareness of secure coding practices and teaching developers application security fundamentals.
  • Dive into spam, fraud and other security-related investigations, combing through large volumes of logs to identify anomalies or patterns, and develop protections based on them.
  • Monitor third-party dependency vulnerability reports and apply fixes and mitigations.
  • Work with a diverse, remote-first team of kind humans that span the globe.

Who You Are

  • You are a great communicator who can explain technical issues and security risks to a broad, non-technical audience. You work well with engineering, support, product, legal, and the executive team. You tailor your communication style, level of detail, and approach based on the audience.
  • You operate effectively across teams and disciplines and have a strong background in engineering.
  • You are able to empathize with a diverse range of engineers.
  • You balance reaching out for help from others with researching solutions on your own. You know where to find answers and when to ask for assistance.
  • You care about the details, but not at the cost of the big picture. You believe finishing and shipping a good project is better than waiting for perfection.
  • You believe feedback is a gift, seek it out, and act on it.

What You’ve Done

  • You know what makes browsers, web and native applications secure and have knowledge of common security vulnerabilities and mitigations.
  • You've written robust and reliable production code in a modern language or framework such as JavaScript, Node.js, Ruby on Rails, or have a strong interest in learning these technologies.
  • You've worked in a security role in the past or have equivalent experience and interest in learning modern security standards.

When You Apply

In your cover letter, please include responses to the following:

  • The responsibilities for the Security team run broad and deep. How would you manage to identify what is important and what is not security-wise?
  • Why did you decide to apply to Harvest specifically?

On your application form, please respond to the following question:

  • Describe XSS and how it could impact an application like Harvest. What are the countermeasures to apply during development?

Job posted 2021-05-18