Senior Offensive Security Engineer

GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.

In this role you can work from Remote, United Kingdom

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks targeting GitHub. We're looking for an offensive security engineer to expand GitHub’s Red Team operations.

In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation. You'll also provide a vital offensive perspective to many security-wide initiatives including threat modelling, table tops, and adversarial analysis. You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub.

Communication and empathy is key in this role. Your collaboration with engineers is as important as the vulnerabilities and security risks you identify. In this role you’ll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company.

• Conceptualize, plan, and execute offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports
• Digest application and service architectures to identify potential threats and avenues for exploitation
• Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
• Be an advocate for best security practices
• Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
• Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation

• 7+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR associate's degree AND 6+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR bachelor's degree AND 5+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR master's degree AND 3+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR doctorate AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR equivalent experience.
• 3+ years of offensive experience including attack simulation, capability development, or vulnerability research
• 1+ years of experience creating tooling in Python, Go, Ruby, or Javascript
• 1+ years experience identifying common security vulnerabilities and mitigations within web applications and cloud infrastructure

• 5+years of offensive security experience, including conducting red team engagements targeting organizations that use macOS and cloud technologies (Azure, AWS, Containers, Kubernetes, etc.)
• Strong familiarity with the GitHub platform and products
• Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON
• Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that
• Experience in security architecture review and threat modeling of software systems – bonus points if you have practical experience assessing the security posture of applications written using Ruby on Rails or Go

• Customer-obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive

• Model
• Coach
• Care

• Create clarity
• Generate energy
• Deliver success

GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.

Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).

At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.

Join us, and let’s change the world, together.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!