harvey / Staff Product Manager, Enterprise
model: anthropic/claude-sonnet-4.6
created: 2026-05-26T19:42
Company snapshot
Harvey is an AI-native platform purpose-built for legal and professional services, combining frontier large language models with deep domain expertise to automate and augment high-stakes knowledge work such as contract review, due diligence, and legal research. The company has scaled to 1,000+ enterprise customers across 60+ countries and has attracted significant venture backing from top-tier investors including Sequoia, Google, and OpenAI (based on publicly reported funding rounds; specific round dates and amounts not independently verified here). Harvey is widely regarded as one of the breakout AI application-layer companies of the 2023–2025 wave, with strong reported product-market fit in Am Law 100 and Big Four professional services firms. Engineering reputation is generally positive in the AI/legal-tech community, with a focus on agentic workflows and enterprise-grade security — though internal engineering culture details are not independently verifiable. The company appears to be in a rapid scaling phase, investing heavily in enterprise platform infrastructure including governance, compliance, and admin tooling to support expansion into the world's most regulated organizations.
Team stack
Based on the JD and public signals: Python-heavy backend (likely FastAPI or similar), with React/TypeScript on the frontend (common for enterprise SaaS admin surfaces). Identity and access management layer almost certainly involves SAML 2.0/OIDC for SSO, SCIM 2.0 for directory sync, and RBAC/ABAC policy engines — likely built on or integrated with providers such as Okta, Azure AD, or Auth0 (inferred from enterprise governance focus in JD). Audit logging infrastructure likely uses an append-only event store, possibly on PostgreSQL or a cloud-native equivalent (e.g., AWS RDS or Aurora), with structured log pipelines to SIEM tools. LLM orchestration layer is proprietary but likely wraps frontier models (GPT-4, Claude) with Harvey-specific retrieval and grounding. Cloud infrastructure is likely AWS or GCP (uncertain). Data and metrics stack likely includes a modern warehouse (Snowflake or BigQuery, inferred) with dashboarding for product analytics. All stack inferences are based on the JD requirements and standard enterprise SaaS patterns — not confirmed internal sources.
Likely questions (10)
| area | question | why |
|---|---|---|
| system_design | Walk us through how you would design an RBAC system for a large law firm with 10,000 users, multiple practice groups, matter-level access controls, and strict need-to-know data isolation. What are the key tradeoffs between role-based and attribute-based access control in this context? | The JD explicitly calls out identity management, access controls, and the need to serve the world's largest regulated enterprises. This tests depth in the core governance domain. |
| system_design | How would you design an audit logging system that satisfies both real-time compliance monitoring needs and forensic investigation requirements for an enterprise customer subject to SOC 2 Type II and ISO 27001? What are the tradeoffs between completeness, query performance, and storage cost? | Audit logging is explicitly listed as a core surface area in the JD, and regulated enterprise customers (law firms, financial institutions) have strict audit trail requirements. |
| domain | Enterprise customers often require SCIM-based automated provisioning and de-provisioning. Describe the product and technical challenges of building a robust SCIM 2.0 integration, and how you would prioritize which identity providers to support first. | The JD specifically calls out identity management (SSO, SCIM, RBAC) as a required domain. This probes hands-on familiarity beyond surface-level awareness. |
| behavioral | Tell me about a time you had to navigate competing requirements from a security or compliance team, an engineering team, and a customer-facing team on a platform feature. How did you drive alignment and what was the outcome? | The JD emphasizes cross-functional collaboration with Security, Legal, Infrastructure, and Go-to-Market — and explicitly calls out navigating complex enterprise environments. |
| behavioral | Describe a 0-to-1 platform or infrastructure product you owned end-to-end. What did you learn about discovery, prioritization, and launch in an ambiguous environment? | The JD calls out a track record of shipping high-quality products end-to-end in fast-paced and ambiguous environments. Harvey is still building foundational enterprise infrastructure. |
| coding | You need to evaluate whether a proposed RBAC schema change will cause a permission regression for any of 50,000 existing user-role-resource assignments. How would you approach writing or specifying the test coverage for this, and what data structures would you use to make the evaluation efficient? | The JD requires a technical background and ability to go deep on engineering design and tradeoffs. Governance changes carry high blast radius — this tests technical depth in the domain. |
| domain | How would you define and measure 'governance coverage' as a product metric for Harvey's admin platform? What leading and lagging indicators would you track, and how would you use them to drive roadmap decisions? | The JD explicitly calls out establishing and tracking key metrics for platform adoption, admin efficiency, and governance coverage. |
| culture | Harvey operates at high intensity with strong ownership expectations. Tell me about a time you took ownership of a problem well outside your formal scope — what did you do, and what was the result? | The JD language ('real ownership,' 'urgency and care,' 'thrive in ambiguity') signals a high-agency culture. This probes fit with that operating model. |
| behavioral | Enterprise customers often have conflicting governance requirements — one customer wants tenant-level data isolation, another wants cross-matter analytics. How do you decide what to build into the core platform versus what to make configurable, and how do you communicate that tradeoff to customers and executives? | The JD calls out driving alignment on trade-offs and sequencing, and communicating clearly at both executive and working-team levels. |
| domain | Legal and professional services firms are subject to a range of regulatory frameworks (e.g., GDPR, CCPA, ABA Model Rules on confidentiality, SOC 2). How would you build a compliance posture roadmap for Harvey's admin platform, and how would you sequence investments across these frameworks? | The JD calls out aligning with industry standards and regulatory frameworks relevant to enterprise customers — this is a direct domain knowledge probe for the legal/professional services vertical. |
Talking points
- At Intuit, I owned the ICE Self-Service platform end-to-end — DevPortal, GitOps config, and ICE Playground — reducing developer onboarding from 2–3 weeks to under 24 hours for production, while mitigating over $1M in projected opex growth. That's a direct analog to Harvey's need to make a complex enterprise platform easy to govern and onboard at scale.
- I have hands-on experience with the full identity and access management stack: I built Kinde OAuth 2.0 authentication and tiered Stripe subscription management into StreamIO, and at Intuit I worked across ~20 mobile apps and 30+ product SKUs with telemetry-driven prioritization — giving me both the technical depth and the enterprise-scale PM experience the role requires.
- I built the ICE Presence and Background-to-Foreground Messaging features at Intuit, generating $480K/month in additional invoicing — demonstrating that I can connect platform infrastructure investments directly to measurable revenue outcomes, which maps to Harvey's 'land and expand' enterprise growth model.
- My aeval platform (FastAPI, TimescaleDB, Redis, Ollama) included CI/CD integration with automated safety gates and regression detection — showing I can think rigorously about compliance, auditability, and quality gates as first-class product requirements, not afterthoughts.
- I've led enterprise-facing platform work in regulated environments: at Kaiser Permanente I owned Splunk Logging-as-a-Service at 1.7 TB daily volume for 200+ internal enterprise customers, and at Splunk I owned Search Orchestration microservices for Fortune 500 customers — giving me credibility with the security, compliance, and IT stakeholders Harvey's enterprise customers will send to evaluate the platform.