GitHub is changing the way the world builds software and we want you to help change the way we build and secure GitHub. We are looking for an Application Security Engineer with a strong development and application assessment background who will focus on identifying and remediating vulnerabilities throughout the development process.
As an Application Security Engineer at GitHub you will focus on securing our libraries and applications written in Ruby on Rails, Go, and other languages that help power our platform. You will work with developers to quickly identify and fix vulnerabilities through manual review, automated security analysis, and the GitHub Bug Bounty program.
Your responsibilities will include:
- Performing security assessments of existing and newly developed GitHub features and services
- Clearly communicating identified vulnerabilities and identifying new assessment techniques or features to prevent them in the future
- Triaging submissions and helping run the GitHub Bug Bounty program
- Consulting with developers to identify and address security architecture problems with existing and future applications
- Leveraging automated security analysis integrated within our development workflow and working to improve the accuracy and coverage of these tools
The minimum qualifications are:
- Significant experience in the security assessment of web applications
- Strong understanding of common and uncommon web application vulnerabilities and mitigations
- Strong written and verbal communication skills with comfort collaborating in an asynchronous environment
- Familiarity with modern web security features such as Content Security Policy, Subresource Integrity, and same-site cookies
Bonus points if you have:
- Experience with Ruby on Rails static analysis tools such as Brakeman
- Experience with fuzzing, AddressSanitizer, or other similar tools and techniques for finding and debugging memory corruption bugs
- Familiarity with Git and GitHub
- Experience assessing applications utilizing GraphQL and React
- Experience assessing applications implementing SAML, OAuth, or JSON Web Token authentication
- Linux and system security experience
Who We Are:
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 27 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of GitHub.com and GitHub Business, it has never been easier for individuals and teams to write faster, better code.
What We Value:
Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.