GitHub is the world’s leading platform for agentic software development, and they are looking for a Product Security Engineer III to join their Product Security Engineering team. This hands-on engineering role focuses on building internal security platforms, tooling, and automation that protect GitHub's products at scale.
Responsibilities:
- Design, build, and maintain security tooling and automation, including static analysis pipelines, secret scanning workflows, and dependency analysis systems
- Contribute to scalable solutions that reduce recurring vulnerability patterns, focusing on preventing classes of vulnerabilities rather than addressing individual instances
- Build and improve agentic security tooling for automated triage, assessment, and remediation of security findings
- Develop security libraries, CI/CD integrations, and developer-facing tools that make the secure path the default path for engineering teams
- Contribute to supply chain security defenses, building detection and prevention systems that protect GitHub's software supply chain
- Collaborate with teams across the organization to address security risks and define new requirements and feature sets
- Analyze key metrics and KPIs to identify trends in security issues, evaluate the effectiveness of security tooling and automation, and recommend improvements to address gaps in measurement
Requirements:
- One of the following levels of experience in security analysis, security research, cyber security, security engineering, or relevant area:
  - 5+ years experience
  - Associate's Degree in a related field AND 4+ years experience
  - Bachelor's Degree in a related field AND 3+ years experience
  - Master's Degree in a related field AND 1+ year(s) experience
  - Equivalent experience
- 1+ year(s) of experience in building security tooling and implementing solutions in complex environments
- 3+ years experience programming in at least 2 of these 3 coding languages: Ruby, Go, Python
- Experience with static analysis tools (SAST/DAST), code scanning frameworks, or custom rule authoring
- Experience building agentic or AI-driven security tooling (e.g., automated triage, classification, or remediation)
- Familiarity with software supply chain security concepts and tooling
- Experience working in large-scale monolith or distributed service codebases
- Familiarity with GitHub's products, platform, and developer ecosystem
- Strong expertise in security principles, including the Security Development Lifecycle (SDL), and experience in vulnerability management