• In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation
• You'll also provide a vital offensive perspective to many security-wide initiatives including threat modeling, table tops, and adversarial analysis
• You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub
• Your collaboration with engineers is as important as the vulnerabilities and security risks you identify
• In this role you’ll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company
• Conceptualize, plan, and execute offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports
• Digest application and service architectures to identify potential threats and avenues for exploitation
• Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
• Be an advocate for best security practices
• Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems
• Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation
• Ship to learn
• Create clarity

Generate energy

• OR equivalent experience
• 3+ years of offensive experience including attack simulation, capability development, or vulnerability research
• 1+ years of experience creating tooling in Python, Go, Ruby, or Javascript

1+ years experience identifying common security vulnerabilities and mitigations within web applications and cloud infrastructure

• 7+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR associate's degree AND 6+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR bachelor's degree AND 5+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR master's degree AND 3+ years’ experience in security analysis, security research, cyber security, security engineering, or relevant area

OR doctorate AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area

• Compensation Range
• The base salary range for this job is USD $124,000.00 - USD $329,200.00 /Yr
• These pay ranges are intended to cover roles based across the United States
• An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant
• At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock
• These rewards are allocated based on individual impact in role

In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role