GitHub is the world’s leading platform for agentic software development, and they are seeking a Senior Offensive Security Engineer to help secure GitHub. The role involves executing offensive operations, collaborating with product teams for remediation, and providing an offensive perspective to security-wide initiatives.
Responsibilities:
- Conceptualize, plan, and execute offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports
- Digest application and service architectures to identify potential threats and avenues for exploitation
- Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
- Be an advocate for best security practices
- Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems
- Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation
Requirements:
- 7+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
- OR associate's degree AND 6+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
- OR bachelor's degree AND 5+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
- OR master's degree AND 3+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
- OR doctorate AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area
- OR equivalent experience
- 3+ years of offensive experience including attack simulation, capability development, or vulnerability research
- 1+ years of experience creating tooling in Python, Go, Ruby, or Javascript
- 1+ years experience identifying common security vulnerabilities and mitigations within web applications and cloud infrastructure
- 5+ years of offensive security experience, including conducting red team engagements targeting organizations that use macOS and cloud technologies (Azure, AWS, Containers, Kubernetes, etc.)
- Strong familiarity with the GitHub platform and products
- Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON
- Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that
- Experience in security architecture review and threat modeling of software systems – bonus points if you have practical experience assessing the security posture of applications written using Ruby on Rails or Go