Senior Offensive Security Engineer

GitHub, Inc.-posted 2 days ago
Full-time • Mid Level
Remote
501-1,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks targeting GitHub. We're looking for an offensive security engineer to expand GitHub’s Red Team operations. In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation. You'll also provide a vital offensive perspective to many security-wide initiatives including threat modeling, table tops, and adversarial analysis. You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub. Communication and empathy is key in this role. Your collaboration with engineers is as important as the vulnerabilities and security risks you identify. In this role you’ll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company.

  • Conceptualize, plan, and execute offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports
  • Digest application and service architectures to identify potential threats and avenues for exploitation
  • Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
  • Be an advocate for best security practices
  • Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
  • Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation
  • 7+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR associate's degree AND 6+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR bachelor's degree AND 5+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR master's degree AND 3+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR doctorate AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR equivalent experience.
  • 3+ years of offensive experience including attack simulation, capability development, or vulnerability research
  • 1+ years of experience creating tooling in Python, Go, Ruby, or Javascript
  • 1+ years experience identifying common security vulnerabilities and mitigations within web applications and cloud infrastructure
  • 5+ years of offensive security experience, including conducting red team engagements targeting organizations that use macOS and cloud technologies (Azure, AWS, Containers, Kubernetes, etc.)
  • Strong familiarity with the GitHub platform and products
  • Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON
  • Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that
  • Experience in security architecture review and threat modeling of software systems – bonus points if you have practical experience assessing the security posture of applications written using Ruby on Rails or Go
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Senior Cloud Engineer Resume Examples
Senior Cloud Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service