About GitHub: As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.
Locations: In this role you can work from Remote, United States
Overview:
GitHub is seeking a Security Researcher to join its Security Lab. The qualified candidate will have the opportunity to perform security research tasks focused on securing open source software. They will discover and triage vulnerabilities using tools like CodeQL, curate security advisories and develop features for the Advisory Database, and engage with the wider open source community. If you have a foundation in information security and are passionate about securing open source software, then this might be the perfect opportunity for you.
The mission of the GitHub Security Lab is to inspire and enable the community to secure the open source software we depend on. We cultivate a collaborative community where developers and security professionals come together to secure open source software. We achieve this by educating the community on security best practices and sharing novel research, preventing similar issues at scale with automation and variant analysis, and notifying the community of new vulnerabilities and research techniques.
Responsibilities:
You will be charged with maintaining the completeness and correctness of the data within the Advisory Database and assigning CVEs to open source maintainers. As part of this role, you may:
Perform open source security research to discover, report, and remediate bugs
Write CodeQL queries in support of your OSS security research
Share your results with the OSS community (e.g. blog posts, security advisories, conference presentations)
Review, curate and publish security advisories, including their descriptions, affected product data, severity, and more using our curation tooling
Review CVE requests to ensure they conform to the CVE Program's rules, assign CVE IDs, and ultimately publish CVEs to the CVE Program's list
Collaborate with security researchers and influence their research with data you are collecting
Develop and maintain the Advisory DB curation tooling
Work as part of a remote and geographically diverse team
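As an added illustration of the advisory curation work described above (this is example code written for this page, not GitHub's Advisory Database curation tooling), the following Python linter runs a few completeness and correctness checks over an OSV-style advisory record: a well-formed GHSA identifier, a CVE alias that follows the CVE Program's ID format (CVE, a four-digit year, and four or more digits), a non-empty summary, at least one affected package with ecosystem and name, version ranges whose "fixed" version actually comes after "introduced", and a plausible CVSS v3 vector. The two sample advisories, the function names, and the simplified dotted-numeric version comparison are all constructed here; real curation tooling needs per-ecosystem version semantics and the full OSV schema.

```python
import re
from typing import Any

# Loose GHSA shape: "GHSA-" plus three groups of four lowercase alphanumerics.
# (GitHub's real IDs use a narrower alphabet; this check is a simplification.)
GHSA_ID = re.compile(r"^GHSA(-[0-9a-z]{4}){3}$")
# CVE Program rule: "CVE-" + four-digit year + four or more digits.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
# Base-metric prefix of a CVSS v3.0/v3.1 vector string.
CVSS_V3 = re.compile(
    r"^CVSS:3\.[01]/AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]"
)


def parse_version(version: str) -> tuple:
    # Simplification: numeric dotted versions only (raises ValueError otherwise).
    return tuple(int(part) for part in version.split("."))


def check_advisory(adv: dict[str, Any]) -> list[str]:
    """Return a list of human-readable problems; an empty list means the record passed."""
    problems: list[str] = []
    if not GHSA_ID.match(adv.get("id", "")):
        problems.append(f"malformed GHSA id: {adv.get('id')!r}")
    if not adv.get("summary", "").strip():
        problems.append("missing summary")
    for alias in adv.get("aliases", []):
        if alias.startswith("CVE-") and not CVE_ID.match(alias):
            problems.append(f"malformed CVE alias: {alias!r}")
    affected = adv.get("affected", [])
    if not affected:
        problems.append("no affected packages")
    for entry in affected:
        pkg = entry.get("package", {})
        label = f"{pkg.get('ecosystem')}/{pkg.get('name')}"
        if not pkg.get("ecosystem") or not pkg.get("name"):
            problems.append(f"affected entry missing ecosystem or name: {label}")
        for rng in entry.get("ranges", []):
            events = rng.get("events", [])
            introduced = [e["introduced"] for e in events if "introduced" in e]
            fixed = [e["fixed"] for e in events if "fixed" in e]
            if not introduced:
                problems.append(f"{label}: range has no 'introduced' event")
                continue
            for fix in fixed:
                try:
                    if parse_version(fix) <= parse_version(introduced[0]):
                        problems.append(
                            f"{label}: fixed {fix} is not after introduced {introduced[0]}"
                        )
                except ValueError:
                    problems.append(f"{label}: non-numeric version in range")
    for sev in adv.get("severity", []):
        if sev.get("type") == "CVSS_V3" and not CVSS_V3.match(sev.get("score", "")):
            problems.append(f"malformed CVSS v3 vector: {sev.get('score')!r}")
    return problems


# Constructed sample records (hypothetical package and identifiers).
GOOD_ADVISORY = {
    "id": "GHSA-2c3f-4g5h-6j7m",
    "aliases": ["CVE-2024-12345"],
    "summary": "Path traversal in archive extraction",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "example-archiver"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "2.4.1"}]}],
    }],
    "severity": [{"type": "CVSS_V3",
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],
}

BAD_ADVISORY = {
    "id": "GHSA-2c3f-4g5h",            # only two groups
    "aliases": ["CVE-24-123"],         # year and sequence both too short
    "summary": "",
    "affected": [{
        "package": {"ecosystem": "npm", "name": "example-widget"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "3.0.0"}, {"fixed": "2.9.9"}]}],
    }],
    "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:X"}],
}

if __name__ == "__main__":
    for record in (GOOD_ADVISORY, BAD_ADVISORY):
        found = check_advisory(record)
        print(record["id"], "OK" if not found else "\n  - " + "\n  - ".join(found))
```

Running the block reports the good record as OK and lists five problems for the bad one: the malformed GHSA id, the missing summary, the malformed CVE alias, the inverted version range, and the truncated CVSS vector. In practice a check like this sits in front of publication so that obviously malformed data never reaches consumers of the database.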
Qualifications:
Required/Minimum Qualifications
2+ years experience in security research, cybersecurity, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 1+ years experience in security research, cybersecurity, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree in security research, cybersecurity, security analysis, security engineering, software development, or relevant area
OR equivalent experience.
6+ months of experience with a modern programming language, such as Python, Java, Ruby, etc.
Additional or Preferred Qualifications
3+ years experience in security research, cybersecurity, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 2+ years experience in security research, cybersecurity, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree AND 6+ months experience in security research, cybersecurity, security analysis, security engineering, software development, or relevant area
OR equivalent experience
6+ months experience working with GitHub and/or open source software
Understanding of open source software development, software package managers, static analysis tools, and software composition analysis tools
Familiarity with vulnerability analysis, vulnerability trends, and using common vulnerability standards to evaluate risk, root cause, and severity (e.g. CVE, CWE, CVSS)
Previous experience in the software security domain is a big plus (including bug bounty hunting or Capture The Flag competitions), though other relevant experience will be considered as well
Strong technical writing and verbal communication skills in English and the ability to work in a team, empathy for others when they need help, and accountability when they rely on you
Compensation Range: The base salary range for this job is USD $66,900.00 - USD $177,600.00 /Yr.
These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.
GitHub Leadership Principles:
GitHub values
- Customer-obsessed
- Ship to learn
- Growth mindset
- Own the outcome
- Better together
- Diverse and inclusive
Manager fundamentals
Leadership principles
- Create clarity
- Generate energy
- Deliver success
Who We Are: GitHub is the world’s leading AI-powered developer platform with 100 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.
Join us, and let’s change the world, together.
EEO Statement: GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!