Principal Security Researcher

GitHub, Inc.

Remote

GBP 60,000 - 80,000

Full time

Today

Job summary

A leading software development platform is seeking a Principal Security Researcher to join their Security Lab team. In this leadership role, you will drive impactful security research, influence security solutions and engage with the open-source community. You will analyze threats, guide teams, and provide thought leadership in security initiatives. The ideal candidate should have 12+ years in security research, a proven track record of disclosures, and a collaborative approach to improving security measures.

Benefits

Competitive pay
Generous learning and growth opportunities
Excellent benefits

Qualifications

  • 12+ years experience in security research, cyber security, or relevant areas.
  • Track record of security vulnerability disclosures (CVEs) credited to you.
  • Credited author on 1+ published article(s)/paper(s) or speaker at a security conference.
  • 5+ years experience in a relevant field like bug bounty or security research.
  • 1+ years experience in software development.
  • 1+ years experience with GitHub and/or open source software.

Responsibilities

  • Conduct high impact security research and guide others.
  • Analyze and synthesize information on critical security problems.
  • Identify and prioritize significant security issues.
  • Provide thought leadership on open source security issues.
  • Solicit input from customers to improve security.

Skills

Security research
Cyber security
Security analysis
Software development
Open source software

Job description

Overview

GitHub is seeking a Principal Security Researcher to join the GitHub Security Lab team and help shape the future of our Open Source Security organization. In this critical leadership position, you'll drive the security research agenda, inspire and coach other security researchers, and influence solutions from GitHub and partners that make a real impact on the open source software we all depend on.

Responsibilities
  • High impact security research – Identifies, conducts, and supports others in conducting research into critical security areas, current attacks, and adversary tracking. Guides others to synthesize research findings into recommendations for mitigation of security issues. Guides team(s) by sharing expertise to identify potential security issues, tools, mitigations, and processes. Prototypes tools for large‑scale security research.
  • Analysis of security threats in Open Source – Analyzes and synthesizes collected information to address complex security problems and threats, including emerging threats (e.g., LLM prompt injections). Derives priorities for research and mitigations. Applies expert knowledge and diagnostic expertise to lead postmortem and root cause analyses for complex and/or large‑scale issues in open source, to specify tools and systems that support incident response, and to mitigate and resolve issues across open source organizations.
  • Priorities – Identifies, prioritizes, and targets security issues that have the biggest impact on open source and/or on GitHub's users, or that require significant and complex mitigation.
  • Thought leadership – Writes blogs and conference talks. Leads, facilitates, and participates in industry and company‑wide forums, and influences them to address the most pressing open source security issues. Positions GitHub as a security expert.
  • Be the customer's voice – Solicits input from customers and partners, from open source or enterprises, to improve security.
  • Internal influence – Uses technical expertise and the understanding of customer needs to inform and influence internal leadership forums, in order to drive meaningful security impacts in the open source ecosystem, the security of the GitHub platform, and the success of the GitHub Security Products.
Qualifications
  • 12+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas.
  • Track record of security vulnerability disclosures (CVEs) credited to you.
  • Credited author on 1+ published article(s)/paper(s) OR Speaker/presenter at a security‑related conference.
  • 5+ years experience in a relevant field (e.g., bug bounty, security research).
  • 1+ year(s) experience in software development.
  • 1+ year(s) experience working with GitHub and/or open source software.
GitHub values
  • Customer‑obsessed
  • Ship to learn
  • Growth mindset
  • Own the outcome
  • Better together
  • Diverse and inclusive
Manager fundamentals
  • Model
  • Coach
  • Care
Leadership principles
  • Create clarity
  • Generate energy
  • Deliver success
About GitHub

GitHub is the world's leading platform for agentic software development – powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot. GitHub is a remote‑first organization offering competitive pay, generous learning and growth opportunities, and excellent benefits.

Equal Employment Opportunity

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We do not discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. If you have a disability, please let us know if there's any way we can make the interview process better for you; we are happy to accommodate.
