GitHub Senior Application Security Engineer

Posted on March 29th, 2019

GitHub is changing the way the world builds software and we want you to help change the way we build and secure GitHub. We are looking for an Application Security Engineer with a strong development and application assessment background who will focus on identifying and remediating vulnerabilities throughout the development process.

As an Application Security Engineer at GitHub you will focus on securing our libraries and applications written in Ruby on Rails, Go, and other languages that help power our platform. You will work with developers to quickly identify and fix vulnerabilities through manual review, automated security analysis, and the GitHub Bug Bounty program.


  • Performing security assessments of existing and newly developed GitHub features and services
  • Clearly communicating identified vulnerabilities and identifying new assessment techniques or features to prevent them in the future
  • Triaging submissions and helping run the GitHub Bug Bounty program
  • Consulting with developers to identify and address security architecture problems with existing and future applications
  • Leveraging automated security analysis integrated within our development workflow and working to improve the accuracy and coverage of these tools

Minimum Qualifications:

  • Significant experience in the security assessment of web applications
  • Strong understanding of common and uncommon web application vulnerabilities and mitigations
  • Strong written and verbal communication skills with comfort collaborating in an asynchronous environment
  • Familiarity with modern web security features such as Content Security Policy, Subresource Integrity, and same-site cookies
  • Familiarity with or eagerness to learn about security vulnerabilities specific to Ruby on Rails, Go, and JavaScript

Preferred Qualifications:

  • Experience with Ruby on Rails static analysis tools such as Brakeman
  • Experience with fuzzing, AddressSanitizer, or other similar tools and techniques for finding and debugging memory corruption bugs
  • Familiarity with Git and GitHub
  • Experience assessing applications utilizing GraphQL and React
  • Experience assessing applications implementing SAML, OAuth, or JSON Web Token authentication
  • Linux and system security experience

Who We Are:

GitHub is the developer company. Over 31 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

What We Value:

Collaboration: We believe the best work is done together. 
Empathy: We believe in putting people first. 
Quality: We believe in setting the standard for excellence. 
Positive Impact: We believe in making the world a better place through our work. 
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Where We Can Hire

Please note that benefits vary by country, if you have any questions, please don't hesitate to ask your Talent Partner. 



Apply for this Position