Junior Security Researcher

GitHub is looking for a Junior Security Researcher to join their Security Lab team (https://securitylab.github.com). The GitHub Security Lab is a security research team whose mission it is to secure OSS. As a member of the GitHub Security Lab you will make a direct impact on the security of the software the world depends on.

You will perform security research tasks that are focused on finding and fixing vulnerabilities in OSS using CodeQL (https://codeql.com).

Responsibilities:

• Triage CodeQL security alerts on high-impact open source projects, disclose them to the maintainers, and get them fixed.
• Perform OSS security research (find and fix bugs).
• Write CodeQL queries in support of your OSS security research.
• Share your results with the OSS community (Advisories, Blog posts)

Minimum Qualifications:

• Familiarity with common vulnerability classes.

• Prior exposure / participation / experience in Software Security (commercially, academically or through personal pursuits like bug bounties or CTF participation).
• Enthusiasm for sharing your knowledge by writing blog posts about your work and by publishing other technical details such as custom CodeQL queries or well-documented PoCs.
• Coding proficient in at least two of these languages: Ruby, C, C++, C#, Java, Python, JavaScript or Go

Preferred Qualifications:

• Prior experience verifying and triaging software vulnerabilities.
• Prior experience with technical writing.
• Prior experience with CodeQL or other static analysis tools.
• Track record of coordinated disclosure (Attributed CVEs).
• Familiarity with the CVSS scoring system.
• Familiarity with the CVE (https://cve.mitre.org) assignment process.
• A proven ability to audit source code for security vulnerabilities in one or more of the following languages: Ruby, C, C++, C#, Java, Python, JavaScript or Go.

Who We Are:

GitHub is the developer company. Over 40 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Our Principles:

• Customer Obsessed
• Trust by Default
• Ship to Learn
• Own the Outcome
• Growth Mindset
• Global Product, Global Team
• Anything is Possible
• Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe.

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.

#LI-POST