Remote Senior Product Security Engineer - Bug Bounty at GitHub, Inc.

GitHub, Inc. · United States of America · Remote

$112,800.00 - $299,300.00

About GitHub: As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. 150+ million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate and experiment across 420+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.
Locations: In this role you can work from Remote, United States
Overview:

GitHub Security exists to keep the world’s code safe, and the Bug Bounty team plays a pivotal role by harnessing the global security research community to uncover and remediate vulnerabilities before they impact users. We're looking for a Senior Product Security Engineer with deep expertise in security research to take the program to the next level. In this role, you'll validate and analyze complex vulnerability submissions, distill researcher findings into actionable intelligence, and shepherd remediation efforts across multiple product surfaces. You’ll serve as a technical backbone of our bounty triage process, identifying novel attack vectors and elevating our understanding of emerging trends through deep investigation of current threats, adversary behaviors, and academic research.


You’ll collaborate across GitHub to synthesize research into meaningful mitigation recommendations, evaluate technical indicators, and derive insights from multiple data sources to help identify and prioritize security issues. Alongside your research-driven work, you’ll promote bounty wins with GitHub’s Communications team, engage top researchers through our VIP track, and help coordinate live hacking events that further GitHub’s mission to keep code secure for everyone.

Responsibilities:
  • Drive daily operations of GitHub’s Bug Bounty Program, including report validation, researcher communications, and vulnerability triage across surfaces and severity levels. Drive cross-functional alignment by articulating technical risks to non-technical stakeholders and fostering collaboration across engineering, product, and security teams.
  • Advocate priorities. Elevate findings appropriately to address and mitigate issues. Solicit feedback and evaluate results to incorporate into future opportunities. Demonstrate judgment in identifying projects and priorities (e.g., what to test and pursue). Understand interplay across GitHub technologies and how they give rise to attacker opportunities.
  • Build tools and systems to automate the synthesis of vulnerability data, identify nuanced exploit variants, and elevate program-level metrics and insight generation.
  • Collaborate with engineering and security stakeholders to conduct root cause and variant analyses, ensuring remediation efforts are accurate, scalable, and timely. Suggest new solutions to mitigate security issues. Make tradeoffs to balance security and operational needs. Identify and recommend process improvements and adopt best practices. Leverage the work of others to improve existing processes. Help drive resolution to systemic security issues through cross-team collaboration. Drive cross-team collaboration.
  • Support community-facing efforts that increase engagement from top tier researchers via bounty disclosure coordination, promotional content creation, and live event planning and execution. Represent GitHub’s security research in internal and external forums, contributing to industry conversations through publications, talks, and mentorship.
  • Mentor team members in research methodologies and triage practices, modeling sound prioritization, ethical standards, and thoughtful risk-taking in service of keeping the world’s code secure.
  • Lead and contribute to security research initiatives focused on emerging threats, attacker behaviors, and exploitation techniques relevant to GitHub’s technology stack. Translate technical findings into actionable mitigation strategies and architecture guidance, balancing security rigor with operational feasibility.
Qualifications:

Required Qualifications

  • 7+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas
    • OR Associate's Degree AND 6+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
    • OR Bachelor's Degree AND 5+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
    • OR Master's Degree AND 3+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
    • OR Doctorate AND 1+ year(s) experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
    • OR equivalent experience.
  • 1+ year(s) experience in software development (ideally Ruby or Python). 
  • 1+ year(s) experience working with GitHub and/or open source software.

 

Preferred Qualifications

  • Exceptional communication and conflict resolution skills.
  • Proven experience in program and/or event coordination.
  • Credited author on 1+ published article(s)/paper(s) or experience as a speaker/presenter at a Security-related conference. 
  • 3+ years experience in relevant field (e.g., bug bounty, security research).
Compensation Range: The base salary range for this job is USD $112,800.00 - USD $299,300.00 /Yr.

These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.
GitHub Leadership Principles:

GitHub values

  • Customer-obsessed
  • Ship to learn
  • Growth mindset
  • Own the outcome
  • Better together
  • Diverse and inclusive

Manager fundamentals

  • Model
  • Coach
  • Care

Leadership principles

  • Create clarity
  • Generate energy
  • Deliver success
Who We Are: GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.
Join us, and let’s change the world, together.
EEO Statement: GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!