About the role
Who you are
- 2+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR Associate’s Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, or related field AND 1+ year(s) experience
- OR Bachelor's Degree in Computer Science or related field
- OR equivalent experience
- 1+ years of experience with one or more of the following areas:
  - Software security, including static analysis, dynamic analysis, software supply chain security, and best practices in creating high-quality, secure code
  - Experience building developer tools that operate on source code, such as compilers, parsers, linters, static analyzers, debuggers, CLI tools, or IDE extensions
  - Machine learning applied to understanding source code, specifically using prompt engineering with large language models (LLMs) and systematic data collection and result evaluation
- The interest and ability to learn additional programming languages as required
- Ability to work with multiple stakeholders and teams across engineering, product, and design
- Excellent verbal and written communication skills
- Experience working in a distributed team, operating effectively across multiple time zones (our teams span a wide time zone range from Pacific time to Central European time)
- Passion for fostering good engineering practices, tools, and processes
- Knowledge of compilers, program analysis, programming language design and implementation
- Knowledge of logic programming or database query languages (e.g. SQL, Prolog, Datalog, Kusto Query Language)
- Building integrations with CI/CD systems, such as GitHub Actions or Jenkins
What the job involves
- Our team develops CodeQL and Copilot Autofix, detection and remediation capabilities that power the GitHub code scanning product, used by hundreds of thousands of developers and projects every day as part of GitHub's Advanced Security and Code Security offerings
- In this role, you will join one of the distributed engineering teams responsible for building and expanding the core capabilities of code scanning with CodeQL and Copilot Autofix
- Code analysis: Maintaining support for multiple programming languages, including:
  - Building source code extractors that translate code written in each language into data that CodeQL can understand, keeping up with the latest version of each supported language
  - Writing and maintaining queries in the CodeQL query language that accurately detect security vulnerabilities and undesirable coding patterns
  - Ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found
  - Building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages
  - Experimenting with and robustly evaluating LLM-powered detection engines and integration between LLMs and traditional static analysis
- AI engines: Building, expanding, and robustly evaluating LLM-based engines for remediation and detection. These power Copilot code review, which produces comment suggestions for quality issues in a codebase, and Copilot Autofix, which produces fix suggestions for code scanning alerts and Copilot code review findings
- Engine quality: Developing and integrating CodeQL as a code scanning tool running in production in GitHub Actions, third-party CI systems, the command line, and the IDE; and building systems that evaluate the quality of CodeQL and LLM-based engines at large scale over thousands of codebases
- In any of the above tracks, you will work closely with various engineering teams, product managers, designers, and technical writers that build different aspects of the code scanning product, to influence product direction and deliver features to users, with clear focus on quality, reliability, and user experience
- You will engage with internal users and external users (both from enterprise customers and the open-source community) to help them succeed with the product
- You’ll influence and provide feedback on the organizational culture and processes, always looking for opportunities to improve in a continuous pursuit of excellence
Benefits
- Flexible time away to support balance in your work and life
- Clear diversity, inclusion, and anti-discrimination policies backed by business practices and company culture
- 100% of medical, dental, and vision insurance premiums covered by GitHub for you + your dependents. (Includes gender-affirming benefits)
- Five months of paid family leave to all new parents with the option to use it all at once or throughout the child’s first year
- Family forming benefits that cover fertility, infertility, adoption, and surrogacy costs and support
- Mental health benefits that offer resources and support and cover therapy and coaching sessions for you and your dependents
- Generous 401(k) matching with 50% match up to the IRS 402(g) limit (US; competitive non-US pension options internationally)
- Employee stock purchase plan that lets you purchase Microsoft stock at a discount. (Microsoft is our parent company.)
About GitHub
As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.