GitHub is seeking a CodeQL Analysis Engineer for our Professional Services Delivery team. CodeQL is GitHub's semantic code analysis engine: it extracts a codebase into a relational database so that you can query code as though it were data. As a CodeQL Analysis Engineer, you will have a direct impact on the security of some of the world's largest codebases and most widely used applications. Acting as a trusted advisor, you will work closely with our customers' security teams to support their use of CodeQL: providing recommendations and training, and implementing custom static analyses that find critical vulnerabilities in their code. We are looking for a passionate technologist who can apply cutting-edge static analysis techniques to messy real-world problems and teach our customers to do the same.
- Provide CodeQL training for developers and security engineers
- Use CodeQL to develop novel static analyses to find real vulnerabilities in our customers' code
- Be a trusted advisor for our customers on all aspects of CodeQL
- Refine and scale analyses so they can be run across thousands of codebases
- Develop creative solutions using CodeQL to help solve challenging customer problems
- A strong foundation in Computer Science (BSc, MSc, PhD or equivalent practical experience), including familiarity with compiler construction or program analysis
- Strong understanding of programming language fundamentals and comfort working in more than one programming language (ideally from C, C++, C#, Java, JavaScript/TypeScript, Python, Ruby, Kotlin, Swift and Go)
- Comfort mentoring other engineers and communicating complex technical ideas and processes
- Strong written and verbal communication skills
- An ability to persuade customers to make hard but worthwhile technical decisions
- An ability to weigh the tradeoffs of technical solutions and make recommendations to customers
- A desire to help others, and to collaborate with both customers and GitHub team members
- A growth mentality and a passion for discovering new technologies
- Able to coordinate with teams across locations and time zones
- Experience with software development fundamentals (version control using git, pull request workflows etc.)
- Experience implementing or working with static analysis, particularly taint tracking or abstract interpretation, or experience implementing high-level languages (interpreters or compilers)
- Experience with Logic Programming (Datalog, Prolog, CodeQL) or Functional Programming (Haskell, OCaml, Lisp, etc.)
- Strong knowledge of secure coding practices and common types of security vulnerabilities
- Experience in a customer-facing role
- Experience using scripting languages (bash, Python, PowerShell etc.) for automation purposes
- Familiarity with relational database fundamentals