Principal Security Researcher

GitHub is seeking a Principal Security Researcher to join the GitHub Security Lab team and help shape the future of our Open Source Security organization. In this critical leadership position, you’ll drive the security research agenda, inspire and coach other security researchers, and influence solutions from GitHub and partners that make a real impact on the open source software we all depend on. You will play a key role in empowering open source maintainers and developers to ship secure code, uncovering and mitigating emerging patterns, and providing actionable knowledge and pragmatic solutions.

• High impact security research – Identify, conduct, and support others in researching critical security areas, current attacks, and adversary tracking. Guide others to synthesize findings into recommendations for mitigating security issues and prototype tools for large‑scale security research.
• Analysis of security threats in Open Source – Analyze and synthesize collected information to address complex security problems and threats, including emerging threats such as LLM prompt injections. Derive priorities for research and mitigations, and lead post‑mortem and root‑cause analyses for large‑scale open‑source issues to specify tools and systems that support incident response.
• Priorities – Identify, prioritize, and target security issues that have the biggest impact on open source and GitHub’s users or that require significant and complex mitigation.
• Thought leadership – Write blogs and give conference talks. Lead, facilitate, and participate in industry and company‑wide forums, influencing them to address the most pressing open‑source security issues and positioning GitHub as a security expert.
• Be the customer’s voice – Solicit input from customers and partners, from open source or enterprises, to improve security.
• Internal influence – Use technical expertise and understanding of customers’ needs to inform and influence internal leadership forums, driving meaningful security impacts in the open source ecosystem, the security of the GitHub platform, and the success of the GitHub Security Products.

• 12+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas.
• Associate’s Degree AND 11+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Bachelor’s Degree AND 10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Master’s Degree AND 8+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Doctorate AND 6+ years experience in cyber security, security analysis, security engineering, software development, or relevant area.
• 17+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas.
• Associate’s Degree AND 16+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Bachelor’s Degree AND 15+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Master’s Degree AND 13+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area.
• Doctorate AND 11+ years experience in cyber security, security analysis, security engineering, software development, or relevant area.
• Track record of security vulnerability disclosures (CVEs) credited to you.
• Credited author on one or more published articles/papers or speaker/presenter at a security‑related conference.
• 5+ years experience in a relevant field (e.g., bug bounty, security research).
• 1+ year(s) experience in software development.
• 1+ year(s) experience working with GitHub and/or open source software.

• Customer‑obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive

• Model
• Coach
• Care

• Create clarity
• Generate energy
• Deliver success

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don’t discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. If you have a disability, please let us know if there’s any way we can make the interview process better for you; we’re happy to accommodate.