Application Security Engineer

Posted by GitHub

GitHub is changing the way the world builds software and we want you to help change the way we build and secure GitHub. We are looking for an Application Security Engineer with a strong development and application assessment background who will focus on identifying and remediating vulnerabilities throughout the development process.

As an Application Security Engineer at GitHub you will focus on securing our libraries and applications written in Ruby on Rails and other languages that help power our platform. You will work with developers to quickly identify and fix vulnerabilities through manual review, automated security analysis, and the GitHub Bug Bounty program.

Your responsibilities will include:

  • Performing security assessments of existing and newly developed GitHub features and services

  • Clearly communicating identified vulnerabilities and identifying new assessment techniques or features to prevent them in the future

  • Triaging submissions and helping run the GitHub Bug Bounty program

  • Consulting with developers to identify and address security architecture problems with existing and future applications

  • Leveraging automated security analysis integrated within our development workflow and working to improve the accuracy and coverage of these tools

The minimum qualifications are:

  • Significant experience in the security assessment of web applications

  • Strong understanding of common and uncommon web application vulnerabilities and mitigations

  • Familiarity with modern web security features such as Content Security Policy, Subresource Integrity, and same-site cookies

  • Familiarity with or eagerness to learn about security vulnerabilities specific to Ruby on Rails

Bonus points if you have:

  • Experience with Ruby on Rails static analysis tools such as Brakeman

  • Familiarity with Git and GitHub

  • Experience assessing applications utilizing GraphQL and React

  • Experience assessing applications implementing SAML, OAuth, or JSON Web Token authentication

  • Linux and system security experience

GitHub is committed to building a diverse workforce and strongly encourages applications from people of color and other groups currently underrepresented in tech. We are looking for candidates who:

  • Display a strong commitment to building an inclusive tech environment

  • Have demonstrated resilience and resourcefulness both in and outside of the workplace

  • Can bring a new perspective based on unique educational, professional, and lived experiences

  • Can effectively communicate with people from disparate backgrounds

  • Have experience mentoring/coaching/teaching, particularly in environments with diverse students/participants


GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over ten million people use GitHub to build amazing things together. With the collaborative features of, our desktop and mobile apps, and GitHub Enterprise, it has never been easier for individuals and teams to write better code, faster.

We have a lot of exciting things to do, and we’re looking for the right people to grow with us!


Working at GitHub is, to put it simply, a special slice of the universe. We're committed to transparency, collaboration, experimentation, and always staying classy.

Because of this unique perspective, we've established one of the most flexible and well-designed physical workspaces around that encourages you to work as you work best. Right now, over 60% of our employees are based outside of our San Francisco (SOMA) headquarters and work according to how they get their best stuff done.

Ensuring that GitHubbers are healthy, motivated, focused and creative is how GitHub stays awesome. Part of this is ensuring that our benefits* are out of this world.

In a nutshell, we've built and are growing a place where we truly love working, and we think you will too.

GitHub is made up of people with many different backgrounds and lifestyles, and we like it that way. We invite applications from people of all stripes. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, pregnancy status, veteran status, or any other differences that people imagine to discriminate against one another. Also, if you have a disability, please let us know if there's anything we can do to make the interview process better for you; we're happy to accommodate.

*Please note that benefits vary by country. If you have any questions, don't hesitate to ask your recruiter.

Interested? We would love to hear more about you and your interest in joining us at GitHub! Just fill out our application here!
