Staff Security Researcher

GitHub, Inc.
Remote

About The Position

GitHub is seeking a Staff Security Researcher to join the GitHub Security Lab team. This role requires deep expertise in code security and a verifiable track record of finding critical security vulnerabilities. The ideal candidate will also have experience building security tools for developers and a history of publishing blog posts or presenting at conferences. In this position, you will identify and report vulnerabilities in open-source projects, assist maintainers with issue resolution (including suggesting fixes and coordinating disclosure), and engage with maintainers through initiatives like workshops for the GitHub Secure Open Source Fund. You will also develop and release tools to enhance open-source security. A strong interest in leveraging AI and agentic systems for security research is highly valued, as this is a growing focus for the team.

The Security Lab's mission is to empower open-source maintainers and developers to ship secure code. As a Staff Security Researcher, you will collaborate with a global team to conduct advanced security research, uncover and mitigate emerging threats, provide maintainers and developers with practical knowledge and solutions, and serve as a thought leader in both the security and development communities. You will lead by example through technical contributions and mentorship, influence strategic direction and architectural decisions for GitHub products, and drive team performance to maximize positive impact on the open-source ecosystem.

GitHub fosters a culture of developer empathy, transparency, and inclusive collaboration, where curiosity and a drive for impact are paramount. Join us to help shape the future of software development and impact millions of developers worldwide.

Requirements

  • You have been personally credited with finding one or more high/critical severity CVEs in products or projects.
  • You have published one or more blog posts on security topics OR you have presented at a security conference.
  • 10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas OR Associate's Degree AND 9+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Bachelor's Degree AND 8+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Master's Degree AND 6+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Doctorate AND 4+ years experience in cyber security, security analysis, security engineering, software development, or relevant area OR equivalent experience.

Nice To Haves

  • Easily verifiable track record of finding high impact vulnerabilities in open source projects.
  • You have given (main-stage, non-sponsored) presentations at top security conferences.
  • Experience using AI to find vulnerabilities.
  • Experience in the emerging area of AI vulnerabilities, such as prompt injection attacks.
  • 14+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas OR Associate's Degree AND 13+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Bachelor's Degree AND 12+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Master's Degree AND 10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area OR Doctorate AND 8+ years experience in cyber security, security analysis, security engineering, software development, or relevant area OR equivalent experience.
  • 1+ year(s) experience working with GitHub and/or open source software.

Responsibilities

  • High impact security research - Identifies, conducts, and supports others in conducting research into critical security areas, current attacks, adversary tracking, and academic literature.
  • Build tools that help to secure open source - Works with others to synthesize research findings into recommendations for mitigation of security issues.
  • Priorities - Identifies, prioritizes, and targets security issues that have the biggest impact on open source and/or on GitHub’s users, or that require significant and complex mitigation.
  • Industry leadership - Helps others by sharing expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities); positions GitHub as a security leader.
  • Be the customer’s voice - Solicits input from customers and partners to improve security issues.
  • Internal influence - Helps to make connections, assists in developing agreements among groups to clarify priorities and dependencies, and provides coordination across groups.

Benefits

  • competitive pay
  • generous learning and growth opportunities
  • excellent benefits