Product Security Engineer III
About The Position
GitHub is transforming how the world builds secure software, and we are looking for a Product Security Engineer III to join our Product Security Engineering team. This is a hands-on engineering role focused on building internal security platforms, tooling, and automation that protect GitHub's products at scale. You will design, build, and maintain the systems that make GitHub's security program run: static analysis pipelines, agentic security tooling, supply chain defenses, and developer-integrated security controls. The ideal candidate is a strong software engineer who is passionate about application security and wants to solve security problems through code. You will partner closely with product and engineering teams to ship security improvements that scale with the organization.
Requirements
- 5+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Associate's Degree in a related field AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Bachelor's Degree in a related field AND 3+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Master's Degree in a related field AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area OR equivalent experience.
- 1+ year(s) of experience in building security tooling and implementing solutions in complex environments.
- 3+ years experience programming in at least 2 of these 3 coding languages: Ruby, Go, Python.
Nice To Haves
- Experience with static analysis tools (SAST/DAST), code scanning frameworks, or custom rule authoring.
- Experience building agentic or AI-driven security tooling (e.g., automated triage, classification, or remediation).
- Familiarity with software supply chain security concepts and tooling.
- Experience working in large-scale monolith or distributed service codebases.
- Familiarity with GitHub's products, platform, and developer ecosystem.
- Strong expertise in security principles, including the Security Development Lifecycle (SDL), and experience in vulnerability management.
Responsibilities
- Design, build, and maintain security tooling and automation, including static analysis pipelines, secret scanning workflows, and dependency analysis systems.
- Contribute to scalable solutions that reduce recurring vulnerability patterns, focusing on preventing classes of vulnerabilities rather than addressing individual instances.
- Build and improve agentic security tooling for automated triage, assessment, and remediation of security findings.
- Develop security libraries, CI/CD integrations, and developer-facing tools that make the secure path the default path for engineering teams.
- Contribute to supply chain security defenses, building detection and prevention systems that protect GitHub's software supply chain.
- Collaborate with teams across the organization to address security risks and define new requirements and feature sets.
- Analyze key metrics and KPIs to identify trends in security issues, evaluate the effectiveness of security tooling and automation, and recommend improvements to address gaps in measurement.
Benefits
- competitive pay
- generous learning and growth opportunities
- excellent benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
