Product Security Engineer (AppSec) Assessment
Remote - US
GitHub
GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, ...

GitHub is changing the way the world builds software, and we want you to help change the way we secure GitHub. We are looking for an experienced application security engineer to join our Product Security Engineering (PSE) Assessment team.
GitHub's Assessment team is responsible for identifying security gaps in our software through dynamic and static application security testing, participating in deeply technical threat models, executing Rapid Risk Assessments (RRAs), and providing consultative support to engineers as well as to other members of the Security team.
We're looking for an engineer with a zest for securing modern software stacks by identifying security vulnerabilities. You will not only find security gaps in our software and services, but also collaborate with team members across the organization to ensure GitHub is the most trustworthy platform for developers everywhere to create and build software.
Discovering vulnerabilities is only one step in our Security Development Lifecycle. The Assessment team regularly contributes to preemptive security efforts such as guiding secure coding standards, consulting on external security assessments and audits, and assisting our incident response teams with variant analysis.
Responsibilities
- Participate in and drive application security review at every stage of the Software Development Lifecycle, including threat modeling, code review and dynamic testing
- Consult with engineers on designing and writing secure code
- Collaborate with engineers to track vulnerability resolution
- Help automate testing to detect vulnerabilities at scale
- Assist with variant analysis during our incident response process to identify similar vulnerabilities across our code bases and ensure thorough remediation
Minimum Qualifications
- Extensive experience in application security principles, best practices and common web security vulnerabilities
- Significant experience scoping and executing application security testing and code review across complex code bases
- Experience with performing threat modeling
- Excellent written and verbal communication skills allowing you to clearly explain intricate vulnerabilities and technically sound mitigations
- Fundamental knowledge of HTTP, Twirp, gRPC, Git, and network protocols and standards such as DNS and TCP/IP
Bonus points if you have
- Experience in Cloud architecture security (ex: Azure, AWS, GCP)
- Experience utilizing GitHub product features, such as GitHub Actions
- Industry standard certifications (OSCP, AWAE, etc.)
- Experience and expertise using CodeQL as well as writing CodeQL queries
Minimum salary of $104,400 to maximum $276,900 + bonus + equity + benefits.
Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado.
Who We Are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Leadership Principles:
Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.