GitHub is the home for software development, where developers collaborate to build some of the world’s most important software. The security of that software is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.
CodeQL is one such tool: our semantic code analysis engine that lets you query code as though it were data. CodeQL combines the latest research in compiler optimization with insights in database implementation. It understands the complex data structures inherent in code, and makes analysis available to researchers using a declarative, object-oriented query language. You can write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
- Work on the development and improvement of the CodeQL language, and evaluation engine, and tooling.
- Help to advance and evolve the core components of CodeQL:
- Compiler - making improvements on the language, optimizer, packaging ecosystem and creating features that allow for deeper analyses.
- Runtime - covering the efficient evaluation of queries, allowing CodeQL analyses to scale to the largest codebases in the world.
- Tooling - helping to improve the open source extension for Visual Studio Code as well as adding further extensions and tools to ease the adoption of CodeQL by engineers and researchers.
- R&D - investigate bleeding edge research for the development of CodeQL and the evolution of the language. Past examples include embedding deep neural networks for adaptive threat modelling; machine learning capabilities for adaptive alert ranking; research into the area of modular and incremental analysis.
- 5+ years of professional or academic experience in at least one if the following programming languages e.g. C, C++, Java, Rust, C#, Prolog,
- Experience in at least one of the following;
- Compilers / compiler construction
- Language design
- Program analysis and optimization
- Database theory
- Knowledge of high-performance interpreter construction and JIT compilation.
- Solid understanding of modern compilers (e.g. GHC, Rust, Clang, LLVM, GCC, Roslyn, ECJ, WindRiver, EDG, PyPy etc.); how they perform and how they process highly complicated source code.
- Experience of logic programming and declarative programming languages and techniques (e.g. Prolog, Datalog, Haskell, ML).
- Programming language design; program analysis; static analysis; code generation.
- Background in one of the following: Programming Language Design; Tooling; Abstract interpretation; Formal verification; Formal Methods; Program Analysis.
Who We Are:
GitHub is the developer company. Over 40 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
- Customer Obsessed
- Trust by Default
- Ship to Learn
- Own the Outcome
- Growth Mindset
- Global Product, Global Team
- Anything is Possible
- Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe.
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country, if you have any questions, please don't hesitate to ask your Talent Partner.