GitHub is the world’s leading platform for agentic software development, and they are looking for a Product Security Engineer III to join their Product Security Engineering team. This role focuses on building internal security platforms, tooling, and automation to protect GitHub's products at scale, while collaborating closely with product and engineering teams to implement security improvements.
Responsibilities:
- Design, build, and maintain security tooling and automation, including static analysis pipelines, secret scanning workflows, and dependency analysis systems
- Contribute to scalable solutions that reduce recurring vulnerability patterns, focusing on preventing classes of vulnerabilities rather than addressing individual instances
- Build and improve agentic security tooling for automated triage, assessment, and remediation of security findings
- Develop security libraries, CI/CD integrations, and developer-facing tools that make the secure path the default path for engineering teams
- Contribute to supply chain security defenses, building detection and prevention systems that protect GitHub's software supply chain
- Collaborate with teams across the organization to address security risks and define new requirements and feature sets
- Analyze key metrics and KPIs to identify trends in security issues, evaluate the effectiveness of security tooling and automation, and recommend improvements to address gaps in measurement
Requirements:
- 5+ years experience in security analysis, security research, cyber security, security engineering, or relevant area; OR Associate's Degree in a related field AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area; OR Bachelor's Degree in a related field AND 3+ years experience in security analysis, security research, cyber security, security engineering, or relevant area; OR Master's Degree in a related field AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area; OR equivalent experience
- 1+ year(s) of experience in building security tooling and implementing solutions in complex environments
- 3+ years experience programming in at least 2 of these 3 coding languages: Ruby, Go, Python
- Experience with static analysis tools (SAST/DAST), code scanning frameworks, or custom rule authoring
- Experience building agentic or AI-driven security tooling (e.g., automated triage, classification, or remediation)
- Familiarity with software supply chain security concepts and tooling
- Experience working in large-scale monolith or distributed service codebases
- Familiarity with GitHub's products, platform, and developer ecosystem
- Strong expertise in security principles, including the Security Development Lifecycle (SDL), and experience in vulnerability management