Staff Software Engineer - Product Security Engineering, Remote Opportunity

Remote - US / Canada

Applications have closed

GitHub

GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows,...

View company page

The product security engineering team is looking for an experienced software engineer to join our Architecture team. You will help us strategically enable engineers at GitHub to design and build secure software and services both for GitHub and our customers. The Architecture team identifies the most important application and product security risks and leverages engineering-lead solutions to mitigate or eliminate those risks. Here are a few of the things you will do:

  • Libraries and frameworks - Our team enjoys writing code and we doubly enjoy code that can be reused for security throughout GitHub. As such, we are always looking for opportunities to build or contribute to libraries or frameworks (internal and open-source) so solutions to common security challenges are easier or, ideally, default behavior.
  • Code hardening - It makes our team sad when an API was used insecurely because it was confusing or hard to use. We are on the lookout for such code and APIs to work with teams or make an inner-source contribution to deprecate or modify them to be more "secure by default."
  • Consulting - We collaborate with engineers throughout GitHub to design pragmatic solutions to security obstacles that strike the right balance between security, usability, and pragmatism.
  • Architecture requirements/guidance - While our team enjoys collaborating with engineering, we also know that doesn't scale to answer every application security question that arises. Our team looks for broadly applicable architectural requirements we can standardize to enable teams to self-service their most common questions/security challenges.

Responsibilities:

  • Identify the most important strategic product security focus areas for the team and GitHub itself
  • Help lead security architecture discussions with other engineering teams throughout GitHub
  • Stay current with emerging security standards and help to identify when and where they should be adopted at GitHub
  • Identify foundational architectural gaps and propose requirements/approaches to enable engineers to build secure software/services at scale
  • Help lead the team’s technical/architectural decision making
  • Review code and lead group discussions about the projects we’re working on
  • Develop systematic solutions to problems instead of focusing on one-off fixes
  • Mentor other engineers

Minimum Qualifications:

  • You have a BS (or higher, e.g., MS, or PhD) in Computer Science or a related technical field involving coding (e.g., physics or mathematics), or equivalent technical experience
  • A passion for application security-related problems
  • Designing/writing software experience
  • Designing/architecting secure systems at scale
  • Comfortable making recommendations with GitHub-wide impact
  • Working knowledge of web application vulnerabilities and mitigations
  • Known for being a great communicator and collaborator
  • Excellent written and verbal communication skills
  • Preferred Qualifications:
  • Practical software development skills with Ruby on Rails or Go
  • Working knowledge of applied cryptography
  • Working knowledge of modern web security standards
  • Experience using Git and GitHub
     

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.

#LI-POST

Tags: APIs Application security Computer Science Cryptography GitHub Mathematics PhD Physics Product security Ruby Vulnerabilities

Regions: Remote/Anywhere North America
Countries: Canada United States
Job stats:  15  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.