Staff Security Researcher

Remote Full-time
About GitHub

GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.

Locations

In this role you can work from Remote, Germany

Overview

GitHub is seeking a Staff Security Researcher to join the GitHub Security Lab team. We’re looking for someone with deep expertise in code security and an easily verifiable track record of finding critical security vulnerabilities. We’re looking for someone who also has experience of building security tools for developers and has written blog posts and/or presented at conferences about their work.

In this role, you will find and report vulnerabilities in open source projects. You will help the maintainers to resolve the issues, for example by suggesting fixes and by helping them to coordinate the disclosure. You will also work with open source maintainers in other ways, such as helping to run workshops for the GitHub Secure Open Source Fund. You will create and publish tools that will help to make open source more secure. You should have an interest in using AI and agentic systems for security research, as that is an area that our team is increasingly focusing on.

In the Security Lab, our mission is to empower open source maintainers and developers to ship secure code. As a Staff Security Researcher, you’ll work alongside a globally distributed team to perform elite security research that uncovers and mitigates emerging patterns, empower maintainers and developers with actionable knowledge and pragmatic solutions, and be a thought leader for both the security and the development community.

You’ll lead by example—both through your own technical contributions and by mentoring others. You’ll guide our strategy, influence architectural decisions for GitHub’s products, and drive performance optimization in our team to increase our positive impact on the open source ecosystem. Our culture is built on developer empathy, transparency, and inclusive collaboration. Here, curiosity and a drive for impact are at the heart of everything we do.

Join us to help shape the future of software development and make a difference for millions of developers around the world.

Responsibilities

High impact security research - Identifies, conducts, and supports others in conducting research into critical security areas, current attacks, adversary tracking, and academic literature.
Build tools that help to secure open source - Works with others to synthesize research findings into recommendations for mitigation of security issues.
Priorities - Identifies, prioritizes, and targets security issues that have the biggest impact on open source and/or on GitHub’s users, or that require significant and complex mitigation.
Industry leadership - Helps others by sharing expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities); positions GitHub as a security leader.
Be the customer’s voice - Solicits input from customers and partners to improve security issues.
Internal influence - Helps to make connections and assists in developing agreements among groups to clarify priorities, dependencies, and provides coordination across groups.

Qualifications

Required Qualifications
You have been personally credited with finding one or more high/critical severity CVEs in products or projects.
You have published one or more blog posts on security topics OR you have presented at a security conference.

10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 9+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree AND 8+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Master's Degree AND 6+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Doctorate AND 4+ years experience in cyber security, security analysis, security engineering, software development, or relevant area
OR equivalent experience.

Business-level fluency in English.
Preferred Qualifications (nice to have)
Easily verifiable track record of finding high impact vulnerabilities in open source projects.
You have given (main-stage, non-sponsored) presentations at top security conferences.
Experience using AI to find vulnerabilities.
Experience in the emerging area of AI vulnerabilities, such as prompt injection attacks.
14+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 13+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree AND 12+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Master's Degree AND 10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Doctorate AND 8+ years experience in cyber security, security analysis, security engineering, software development, or relevant area
OR equivalent experience.

1+ year(s) experience working with GitHub and/or open source software.

GitHub values

Customer-obsessed

Ship to learn

Growth mindset

Own the outcome

Better together

Diverse and inclusive

Manager fundamentals

Model

Coach

Care

Leadership principles

Create clarity

Generate energy

Deliver success


Who We Are

GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.


Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.


Join us, and let’s change the world, together.

Equal Employment Opportunity

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
