Staff Security Engineer

About The Position

Requirements

• 9+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Associate’s Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 8+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Bachelor's Degree in Computer Science or related field AND 7+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Doctorate in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 3+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR equivalent experience.

Nice To Haves

• Experience with identity directories and IDPs (e.g., Okta, Entra ID / Azure AD) and authentication/authorization protocols (OAuth, OIDC, SAML, SCIM).
• Experience leading an enterprise IDP migration or large-scale identity platform consolidation, including parity validation, device trust, and phased cutovers.
• Experience operating IAM services in one or more major cloud environments (AWS, Azure, or GCP).
• Experience designing systems and APIs intended for programmatic or AI-agent consumption (e.g., structured tool APIs, agentic workflows, paved-path templates).
• Experience providing technical leadership for a production identity services

Responsibilities

• Set the technical direction for GitHub's identity and access management service area. Lead architecture and design across identity lifecycle, entitlements, privileged access, identity federation, and the workforce IDP. Author and shepherd design reviews;
• Lead multi-quarter IAM platform evolution. Take complex identity programs (e.g., IDP migrations, privileged access maturation, identity lifecycle automation) from architecture through production rollout. Prioritize long-term correctness over shallow wins; design for reversibility, parity validation, and phased cutovers that let dependent workstreams proceed without regression.
• Make least-privilege and just-in-time access the default for production systems. Lead the design of least privileged access within production systems; partner with adjacent Engineering teams on evolving production system access patterns.
• Own reliability, supportability, and operational maturity for IAM services. Participate in and provide technical leadership for the on-call rotation; lead postmortems; reduce incident volume through systemic fixes. Set the quality bar for testing, observability, deployment safety, and rollback across the IAM service area. Mentor senior engineers and raise the bar for code and design review.

Benefits

• annual bonus
• stock
• sales incentives
• generous learning and growth opportunities
• excellent benefits