Offensive Security Engineer, Red Team

About GitHub

As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.

Locations

In this role you can work from Remote, United Kingdom

Overview

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks on GitHub. We're looking for a security engineer to expand GitHub’s Red Team operations.

In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation. You'll also provide a vital offensive perspective to many security-wide initiatives including threat modeling, table tops, and adversarial analysis. You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub.

Communication and empathy is key in this role. Your collaboration with engineers is as important as the vulnerabilities and security risks you identify. In this role you’ll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company.

Responsibilities

• Conceptualize, plan, and execute basic offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports
• Digest application and service architectures to identify potential threats and avenues for exploitation
• Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
• Be an advocate for best security practices
• Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
• Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation
  
  

Qualifications

Required Qualifications:

• Offensive experience including attack simulation, capability development, or vulnerability research
• Experience writing tooling in Python, Go, Ruby, or Javascript
• Familiarity with common security vulnerabilities and mitigations within web applications and cloud infrastructure
• Hands-on experience with cloud technologies (Azure, AWS, Containers, Kubernetes, etc.)
• Demonstrated ability to work empathetically with blue team peers to foster effective and productive relationships
  
  

Preferred Qualifications:

• Excellent written and verbal communication skills targeting a broad range of audiences from engineers to leadership
• Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON
• Experience in security architecture review and threat modeling of software systems
• Practical experience with red team engagements targeting organizations that use macOS, Linux, and cloud infrastructure, including Azure and AWS
• Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that
• Practical experience assessing the security posture of applications written using Ruby on Rails or Go
  
  

GitHub values

• Customer-obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive
  
  

Manager fundamentals

• Model
• Coach
• Care
  
  

Leadership principles

• Create clarity
• Generate energy
• Deliver success
  
  

Who We Are

GitHub is the world’s leading AI-powered developer platform with 100 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.

Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.

Join us, and let’s change the world, together.