Overview
GitHub.com’s rapid growth and broad attack surface make it an increasingly popular target for attack, given that we protect the key intellectual property of a massive number of companies and people. The Product Security team is dedicated to identifying the largest application security risks to GitHub and our users and then using our passion for building things to mitigate or eliminate those risks.
Protecting GitHub and our users from attack is challenging and an ever changing problem. But, the vision of those of us on the Product Security team is consistent. We aim to:
- Prevent single application layer security issues from compromising GitHub or our users’ data.
- Remove application layer security barriers that prevent GitHub developers from realizing their features securely.
- Prevent GitHub from introducing new security issues due to confusing or error prone code and APIs.
As a member of GitHub’s Product Security team, you will be working to help realize our team’s vision by applying software engineering practices to interesting security problems. Our team has worked on a wide range of projects in the past such as:
- Two-factor authentication
- Client-side security features such as Content Security Policy
- Code/API hardening and security refactoring
- Encryption APIs
- Authentication APIs
- Rate limiting malicious actors
- OAuth implementation hardening
If you love writing code and are passionate about solving security problems, then this may be the gig for you!
Responsibilities
- Collaborate with other product security engineers to implement new security features and APIs.
- Help to identify security gaps and design new methods to protect against them.
- Partner with other teams to help solve application security problems across GitHub.
- Research emerging security techniques (new standards, design patterns, etc) that we can apply at GitHub.
Requirements skills and experience
- A passion for application security related problems.
- A strong background in software engineering.
- Excellent written and verbal communication skills.
Preferred skills and experience
- Familiarity with web application vulnerabilities and mitigations.
- Practical software development skills with Ruby and Go.
- Experience using Git and GitHub.
Who We Are:
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 28 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of GitHub.com and GitHub Business, it has never been easier for individuals and teams to write faster, better code.
What We Value:
Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We’ve designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We’ve designed our top-notch benefits program with these goals in mind. In a nutshell, we’ve built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don’t discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there’s any way we can make the interview process better for you; we’re happy to accommodate!
Please note that benefits vary by country, if you have any questions, please don’t hesitate to ask your Talent Partner.