Software Engineer: CodeQL Security Analysis
Posted on 2/19/2022
- A good understanding of security principles, mitigations, and common vulnerable patterns
- A strong interest in security research, evidenced by participation in bug bounty programs or credited CVEs
- A passion for open-source, with a track record of maintainership or contribution, or two years' experience of software development in the context of a large code base
- Successful advocacy for or use of static analysis tools, fuzzers, profilers, or dynamic analysis tools
- Experience in mentoring others, especially to teach complex technical ideas or processes
- Strong written and verbal communication skills, ideally illustrated by technical blog articles or presentations
- Experience with the performance characteristics of querying relational databases
- Help us redefine what's possible through static analysis and variant analysis, as part of a team of code analysis and programming language experts
- Use CodeQL, our revolutionary declarative logic programming language, to create maintainable, robust, and low-noise automated analyses that help millions of developers write more secure code
- Engage with open-source maintainers and security researchers to create and deploy cutting-edge security analyses
- Model the security characteristics of widely used libraries and frameworks
- Find and report real vulnerabilities in open source code
- Apply our analyses at scale to tune and improve them; address false positive/false negative reports; make them scale to the largest code bases in the world while keeping turnaround time minimal; review open-source contributions; test and share analysis implementations across programming languages
Open-source code hosting
GitHub is on a mission to build a global platform for developer collaboration. The company operates an open-source code hosting and collaboration platform.
- A diverse and inclusive workplace - At GitHub, we think that a diverse company is a strong company, and we work hard to foster a supportive and welcoming workplace. Learn more about our commitment to diversity.
- Work happier - Build amazing things with a balance of autonomy and collaborative teamwork. Set your own work schedule and make use of a flexible PTO plan when you need to recharge.
- Lead from any location - GitHub is a remote-first company with offices located throughout the US, Europe, and Asia. Whether you live near an office or not, GitHub believes you can do your best work wherever you are. If you work remotely, you will receive a stipend to outfit your home office and receive recurring reimbursement refreshes.
- Put your health and family first - You’ll enjoy 100% coverage of health insurance premiums across our medical, dental, and vision plan offerings, including coverage for dependents. We also offer five months of paid family leave to all new parents with the option to use it all at once or throughout the baby’s first year.
- Find your zen - GitHub provides a monthly wellness stipend designed to cover anything from gym memberships, massage, meditation apps, or any other wellness related expenses.
- Invest in your future - At GitHub, you’ll have a stake in the future success of our platform with equity grants. For full-time employees, we offer competitive 401k planning with a 50% company match up to the IRS 402(g) annual limit.
- Keep growing - Learn how you learn best. From books to conferences, you’ll get a yearly budget for your individual learning and development goals.
- Give back to your community - We believe in sharing our time, resources, and products to contribute to positive social impact. GitHub matches charitable donations up to $15,000 per calendar year. And for each hour (up to 40 hours) of volunteering per year, you will receive $20 to donate to an organization of your choice.
- Collaboration: We believe the best work is done together.
- Empathy: We believe in putting people first.
- Quality: We believe in setting the standard for excellence.
- Positive Impact: We believe in making the world a better place through our work.
- Shipping: We believe in creating things for the people using them.