Overview

GitHub.com’s rapid growth and broad attack surface make it an increasingly popular target for hackers. That same growth has continued to diversify our application landscape. At GitHub, new applications and libraries are increasingly developed to supplement our traditionally Ruby and Rails-centric platforms. We need someone to take the lead on ensuring the security of this software.

As a systems programming AppSec Engineer at GitHub you will focus on securing our libraries and applications written in C/C++, Go, and other systems languages that help power our platform. You will work with developers to quickly identify and fix vulnerabilities and to integrate automated security analysis into our workflows.

RESPONSIBILITIES:

  • Perform security assessments of existing and newly developed C/C++ and Go applications and libraries
  • Fix identified vulnerabilities and develop new code and patterns to prevent them in future development
  • Identify and address security architecture problems with existing and future applications and libraries
  • Automate the identification of security issues throughout our development workflow
  • Work with the engineers and project managers on systems programming teams to include security in their workflows
  • Triage submissions and help run the GitHub Bug Bounty program

MINIMUM QUALIFICATIONS:

  • Significant experience in the application security assessment of C/C++ code
  • Strong understanding of memory corruption vulnerabilities and mitigations
  • Strong Linux and system security experience
  • Familiarity with security vulnerabilities across platforms and technologies
  • Familiarity with or willingness to learn application security assessment of Go code

BONUS POINTS:

  • Experience with fuzzing, AddressSanitizer, or other similar tools and techniques for finding and debugging memory corruption bugs
  • Experience with static analysis tools
  • Familiarity with Git and the Git codebase
  • Experience with the Chromium/Blink codebase
  • Experience assessing Ruby on Rails, C#, Objective-C, or Node.js applications

About GitHub

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over nine million people use GitHub to build amazing things together. With the collaborative features of GitHub.com, our desktop and mobile apps, and GitHub Enterprise, it has never been easier for individuals and teams to write better code, faster.

You will have a lot of exciting things to do, and you could grow with us!

Why you should join:

Working at GitHub is, to put it simply, a special slice of the universe. You could join us in our commitment to transparency, collaboration, experimentation, and always staying classy.

Because of this unique perspective, we've established one of the most flexible and well-designed physical workspaces around, one that encourages you to work as you work best. Right now, over 60% of our employees are based outside of our San Francisco (SOMA) headquarters and work according to how they get their best stuff done. Remote GitHubbers also come visit SF often and are encouraged to stay as long as they like!

Ensuring that you are healthy, motivated, focused and creative is how GitHub stays awesome. Part of this is ensuring that our benefits are out of this world.

In a nutshell, we've built and are growing a place in which you will truly love working.