Full Time: Application Security Engineer - Systems at GitHub in Remote

GitHub.com's rapid growth and broad attack surface make it an increasingly popular target for hackers.

That same growth has continued to diversify our application landscape.

At GitHub, new applications and libraries are increasingly developed to supplement our traditionally Ruby and Rails-centric platforms.

We need someone to take the lead on ensuring the security of this software.

As a systems programming AppSec Engineer at GitHub you will focus on securing our libraries and applications written in C/C++, Go, and other systems languages that help power our platform.

You will work with developers to quickly identify and fix vulnerabilities and to integrate automated security analysis into our workflows.

Your responsibilities will include:

Perform security assessments of existing and newly developed C/C++ and Go applications and libraries
Fix identified vulnerabilities and develop new code and patterns to prevent them in future development
Identify and address security architecture problems with existing and future applications and libraries
Automate the identification of security issues throughout our development workflow
Work with the engineers and project managers on systems programming teams to include security in their workflows
Triage submissions and help run the GitHub Bug Bounty program

The minimum qualifications are:

Significant experience in the application security assessment of C/C++ code
Strong understanding of memory corruption vulnerabilities and mitigations
Strong Linux and system security experience
Familiarity with security vulnerabilities across platforms and technologies
Familiarity with or willingness to learn application security assessment of Go code

Bonus points if you have:

Experience with fuzzing, AddressSanitizer, or other similar tools and techniques for finding and debugging memory corruption bugs
Experience with static analysis tools
Familiarity with Git and the Git codebase
Experience with the Chromium/Blink codebase
Experience assessing Ruby on Rails, C#, Objective C, or NodeJS applications

About GitHub


GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers.

Over ten million people use GitHub to build amazing things together.

With the collaborative features of GitHub.com, our desktop and mobile apps, and GitHub Enterprise, it has never been easier for individuals and teams to write better code, faster.

We have a lot of exciting things to do, and we’re looking for the right people to grow with us!


Working at GitHub is, to put it simply, a special slice of the universe.

We're committed to transparency, collaboration, experimentation, and always staying classy.

Because of this unique perspective, we've established one of the most flexible and well designed physical workspaces around that encourages you to work as you work best.

Right now, over 60% of our employees are based outside of our San Francisco (SOMA) headquarters and work according to how they get their best stuff done.

Ensuring that GitHubbers are healthy, motivated, focused and creative is how GitHub stays awesome.

Part of this is ensuring that our benefits

* are out of this world.

In a nutshell, we've built and are growing a place where we truly love working, and we think you will too.

GitHub is made up of people with many different backgrounds and lifestyles, and we like it that way.

We invite applications from people of all stripes.

We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, pregnancy status, veteran status, or any other differences that people imagine to discriminate against one another.

Also, if you have a disability, please let us know if there's anything we can do to make the interview process better for you; we're happy to accommodate.

*Please note that benefits vary by country, if you have any questions don't hesitate to ask your recruiter!


Source: GitHub:Jobs