GitHub is seeking a CodeQL Analysis Engineer for our Professional Services Delivery team. CodeQL is GitHub's semantic code analysis engine that lets you query code as though it were data. As a CodeQL Analysis Engineer, you will have a direct impact on the security of some of the world’s largest code bases and the most commonly used applications. Acting as a trusted advisor, you will work closely with our customers' security teams to support them in their use of CodeQL: providing recommendations, training and working on implementing custom static analyses to help discover critical vulnerabilities in their code. We are looking for a passionate technologist who can apply cutting-edge static analysis techniques to messy real-world problems and teach our customers how to do the same.
- Provide CodeQL training for developers and security engineers
- Use CodeQL to develop novel static analyses to find real vulnerabilities in our customers' code
- Be a trusted advisor for our customers on all aspects of CodeQL
- Refine and scale analyses so they can be run across 1000s of codebases
- Develop creative solutions using CodeQL to help solve challenging customer problems
- A strong foundation in Computer Science (BSc, MSc, PhD or equivalent practical experience), including familiarity with compiler construction or program analysis
- Must be comfortable mentoring other engineers and disseminating complex technical ideas and processes
- Strong written and verbal communication skills
- An ability to persuade customers to make hard but worthwhile technical decisions
- An ability to see the tradeoffs of technical solutions and make recommendations to customers
- A desire to help others, and to collaborate with both customers and GitHub team members
- A growth mentality and a passion for discovering new technologies
- Able to coordinate with teams across locations and time zones
- Experience with software development fundamentals (version control using git, pull request workflows, etc.)
- Experience implementing or working with static analysis, with a particular focus on taint tracking or abstract interpretation; or experience implementing high-level languages (interpreters or compilers)
- Experience with Logic Programming (Datalog, Prolog, CodeQL) or Functional Programming (Haskell, OCaml, Lisp, etc.)
- Strong knowledge of secure coding practices and common types of security vulnerabilities
- Experience in a customer-facing role
- Experience using scripting languages (bash, Python, PowerShell, etc.) for automation purposes
- Familiarity with relational database fundamentals
Who We Are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.