githubinc

Product Security Engineer III

Company

githubinc

Role

Product Security Engineer III

Location

US

Job type

Full-time

Posted

8 hours ago

Salary

Not disclosed by employer

Job description

About GitHub

GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.

Locations

In this role you can work from Remote, United States

Overview

GitHub is transforming how the world builds secure software, and we are looking for a Product Security Engineer III to join our Product Security Engineering team. This is a hands-on engineering role focused on building internal security platforms, tooling, and automation that protect GitHub's products at scale. You will design, build, and maintain the systems that make GitHub's security program run: static analysis pipelines, agentic security tooling, supply chain defenses, and developer-integrated security controls.

The ideal candidate is a strong software engineer who is passionate about application security and wants to solve security problems through code. You will partner closely with product and engineering teams to ship security improvements that scale with the organization.

Responsibilities

Design, build, and maintain security tooling and automation, including static analysis pipelines, secret scanning workflows, and dependency analysis systems.

Contribute to scalable solutions that reduce recurring vulnerability patterns, focusing on preventing classes of vulnerabilities rather than addressing individual instances.

Build and improve agentic security tooling for automated triage, assessment, and remediation of security findings.

Develop security libraries, CI/CD integrations, and developer-facing tools that make the secure path the default path for engineering teams.

Contribute to supply chain security defenses, building detection and prevention systems that protect GitHub's software supply chain.

Collaborate with teams across the organization to address security risks and define new requirements and feature sets.

Analyze key metrics and KPIs to identify trends in security issues, evaluate the effectiveness of security tooling and automation, and recommend improvements to address gaps in measurement.

Qualifications

Required Qualifications:

5+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Associate's Degree in a related field AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Bachelor's Degree in a related field AND 3+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Master's Degree in a related field AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area OR equivalent experience.

1+ year(s) of experience in building security tooling and implementing solutions in complex environments.

3+ years experience programming in at least 2 of these 3 coding languages: Ruby, Go, Python.

Preferred Qualifications:

Experience with static analysis tools (SAST/DAST), code scanning frameworks, or custom rule authoring.

Experience building agentic or AI-driven security tooling (e.g., automated triage, classification, or remediation).

Familiarity with software supply chain security concepts and tooling.

Experience working in large-scale monolith or distributed service codebases.

Familiarity with GitHub's products, platform, and developer ecosystem.

Strong expertise in security principles, including the Security Development Lifecycle (SDL), and experience in vulnerability management.

Compensation Range

The base salary range for this job is USD $107,700.00 - USD $285,900.00 /Yr.

These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.

GitHub values

Customer-obsessed, Ship to learn, Growth mindset, Own the outcome, Better together, Diverse and inclusive

Manager fundamentals

Model, Coach, Care

Leadership principles

Create clarity, Generate energy, Deliver success

Who We Are

GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub. Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).

At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.

Join us, and let’s change the world, together.

EEO Statement

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences.
Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
