Staff Security Analyst -Federal

Harness is a high-growth startup that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers’ pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs. The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, and continues to expand at an incredibly fast pace.
Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We’re backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.
POSITION SUMMARY
Using industry standards and best practices, a Staff Security Analyst is responsible for delivering security projects, programs, and building continuous compliance at scale.  We’re looking for candidates with experience implementing and managing FedRAMP, and with a drive to elevate security controls across the estate. 
As a Staff Security Analyst, you will lead efforts to discover and reduce risk, implement business and technical processes, and acquire and maintain compliance certifications.  You’ll use technology to design solutions that enable Harness’ security goals, and collaborate directly with engineering teams to Get Ship Done.  You will be responsible for defining, documenting, and implementing technical security and compliance controls, and measuring the effectiveness of Harness’ security programs.

Key Responsibilities

• Lead the security design and delivery of Harness’ Federal service offerings.
• Lead and deliver risk assessments and technical advisory across our technical environments and business processes.
• Lead and facilitate engagement with external suppliers, auditors, and federal prospects.
• Partner with security and engineering colleagues to continuously monitor and manage security controls. 
• Own and improve components of the supply chain security and vendor risk management process.
• Drive security and compliance across the business through empathetic partnership.
• Contribute precise and actionable analysis to enable security and privacy by design for engineering and business initiatives.
• Measure control and program effectiveness, and recommend new strategies to manage risk.
• Manage relationships with key partners, including the FedRAMP PMO, 3PAO and the AO.

About You

• You have at least 10 years of relevant industry experience.
• You have previous experience implementing or managing a FedRAMP compliant service offering.  
• You have deep expertise with NIST 800-53 and related SPs.  
• You have professional knowledge of enterprise SaaS applications and infrastructure. 
• You have previous experience in a cloud-native environment (AWS, GCP, or Azure).
• You want to work in a high-growth environment and build new programs from scratch.
• You care about the details, and are willing to ask questions when you’re unsure. 
• You are comfortable handling the unknown, and seek to bring clarity in ambiguous situations.

Bonus Points!

• You’ve led or played a primary role in achieving an ATO from scratch.
• Experience or familiarity with Platform One / Iron Bank.  
• You are familiar with what’s going on under the hood of an AWS or GCP console, and can speak to best practices for configuration and management. 
• You have exposure to industry regulations and compliance certifications (ISO 27001, SOC 2, SOX, etc.)
• You hold relevant security or technical certifications (CISA, CISSP, AWS/GCP Professional).
• You are eager to learn, and to share your knowledge with colleagues.  
• You like to automate the boring stuff.  

What You Will Have At Harness

• Competitive salary
• Comprehensive healthcare benefits
• Flexible Spending Account (FSA)
• Flexible work schedule
• Employee Assistance Program (EAP)
• Paid Time Off and Parental Leave
• Monthly, quarterly, and annual social and team building events
• TGIF-Off program - 10 extra days off! Awesome, right!
• Remote office stipend
• Monthly internet reimbursement
• Monthly Food & Beverage Reimbursement Program

Harness In The News

• Harness Snags $230 Series D - $3.7B Valuation
• #6 - Glassdoor Best Places to Work 2021 list
• #17 on Forbes Top 50 Cloud Companies to Work For
• #47 on LinkedIn’ Top 50 Companies to Work For
• #2 on Quartz 2021 list best places to work for remote workers
• 2021 Career Launching Companies List

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or national origin. #LI-Remote