An innovative company is seeking a Senior Software Engineer to join a dynamic team focused on enhancing an AI-powered developer platform. In this role, you will work on cutting-edge technologies like CodeQL and Copilot Autofix, ensuring the security and quality of software for a vast community of developers. This position offers the opportunity to influence product direction and collaborate with diverse teams across the globe. If you are passionate about software engineering and eager to make a significant impact in the tech industry, this role is perfect for you. Join a forward-thinking organization that values growth, inclusivity, and the pursuit of excellence.
GitHub is the home for software development, where we collaborate to build the world's leading AI-powered developer platform.
In the GitHub code scanning team, we are passionate about ensuring the security and quality of the world’s software - from open source to the enterprise. We believe that the best way to secure and improve the quality of software is to detect actionable issues early in the development process, and actively facilitate their remediation as part of the developer workflow.
Our team develops CodeQL and Copilot Autofix, detection and remediation engines that power the GitHub code scanning product, used by hundreds of thousands of developers and projects every day as part of GitHub's Advanced Security offering.
CodeQL is GitHub's semantic code analysis engine that uses world-class static analysis research and technology to deeply analyze code, enabling the early detection of security vulnerabilities and correctness errors in software. CodeQL supports a wide range of programming languages, including C/C++, C#, Go, Java, JavaScript/TypeScript, Kotlin, Python, Ruby, and Swift.
Copilot Autofix is GitHub's LLM-powered remediation engine that produces high-quality fix suggestions for code scanning alerts, empowering developers to fix alerts as soon as they are found, as well as alerts that already exist in their codebase.
We work as a distributed group within a distributed company. The majority of our team members live across Europe, the US, and Canada, and while we do have some offices, all our meetings are location-agnostic and happen online. We operate with a high degree of autonomy and trust, and we have a significant level of influence on the product and technical direction of CodeQL, code scanning, and the broader set of security products at GitHub. We value learning, introspection and reflection, and we’re always looking for ways to improve as a team and as individuals, so candor and a culture that values safety to speak up are highly important to us.
We are looking for a Senior Software Engineer to join one of the distributed software engineering teams responsible for building and expanding the CodeQL and Copilot Autofix engines. In this role you will work in one of the following areas, selected based on your own experience and interests, and the needs of the organization at the time of hiring:
Code analysis: Maintaining detection support for multiple programming languages, including:
building source code extractors that translate code written in each language into data that CodeQL can understand, keeping up with the latest version of each supported language
writing and maintaining queries in the CodeQL query language that accurately detect security vulnerabilities and undesirable coding patterns
ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found
building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages
experimenting with and robustly evaluating LLM-powered detection engines and integration between LLMs and traditional static analysis.
Foundations: Developing QL, the query language powering CodeQL analysis, and its underlying query compiler and evaluator within the CodeQL CLI. Expanding the expressive power of the CodeQL query language and speeding up the performance of the underlying query engine, empowering other teams to write high-quality analysis, and ensuring that CodeQL scales to the largest codebases in the world.
Experiences: Developing the CodeQL CLI and the CodeQL Action, integrating CodeQL as a code scanning tool running in production in GitHub Actions, third-party CI systems, the command line, and the IDE.
Copilot Autofix: Building, expanding, and robustly evaluating the Copilot Autofix engine, which uses LLMs and contextual information from code scanning alerts to produce AI-powered fix suggestions for those alerts.
In any of the above tracks, you will work closely with various engineering teams, product managers, designers, and technical writers that build different aspects of the code scanning product, to influence product direction and deliver features to users, with clear focus on quality, reliability, and user experience. You will engage with internal users and external users (both from enterprise customers and the open-source community) to help them succeed with the product. You’ll influence and provide feedback on the organizational culture and processes, always looking for opportunities to improve in a continuous pursuit of excellence.
Required Qualifications
For this role, we’re looking for an experienced software engineer with:
6+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript/TypeScript, Go, Ruby, Rust, or Python.
OR Associate’s Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript/TypeScript, Go, Ruby, Rust, or Python.
OR Bachelor's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, or related field AND 4+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript/TypeScript, Go, Ruby, Rust, or Python.
OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, or related field AND 2+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript/TypeScript, Go, Ruby, Rust, or Python.
OR Doctorate in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, or related field.
OR equivalent experience.
3+ years of experience with one or more of the following areas:
Software security, including static analysis, dynamic analysis, software supply chain security, and best practices in creating high-quality, secure code.
OR Experience building developer tools that operate on source code, such as compilers, parsers, linters, static analyzers, debuggers, CLI tools, or IDE extensions.
OR Machine learning applied to understanding source code or other structured data, specifically using prompt engineering with large language models (LLMs) and systematic benchmarking and evaluation of AI-based systems.
Preferred Qualifications
Additionally, we would highly encourage applying if you have one or more of the following skills:
Excellent written and verbal communication skills.
Passionate about fostering good engineering practices, tools, and processes.
Experience working in a distributed team, including operating effectively across multiple time zones (our teams span a wide time zone range from Pacific time to Central European time).
Ability to work with multiple stakeholders and teams across engineering, product, and design, and create a shared understanding of decision making, direction, priorities, and progress between the team, the org, and the broader company.
Experience operating user-facing software at scale, including availability, observability, and security fundamentals.
Industry or research knowledge of compilers, program analysis, programming language design and implementation.
Knowledge of logic programming or database query languages (e.g. SQL, Prolog, Datalog, Kusto Query Language).
Experience building integrations with CI/CD systems, such as GitHub Actions or Jenkins.