@lcartey
Created April 14, 2022 11:23
CodeQL Analysis Engineer, Professional Services


GitHub is seeking a CodeQL Analysis Engineer for our Professional Services Delivery team. CodeQL is GitHub's semantic code analysis engine that lets you query code as though it were data. As a CodeQL Analysis Engineer, you will have a direct impact on the security of some of the world’s largest code bases and the most commonly used applications. Acting as a trusted advisor, you will work closely with our customers' security teams to support them in their use of CodeQL: providing recommendations, training and working on implementing custom static analyses to help discover critical vulnerabilities in their code. We are looking for a passionate technologist who can apply cutting-edge static analysis techniques to messy real-world problems and teach our customers how to do the same.

Responsibilities

  • Provide CodeQL training for developers and security engineers
  • Use CodeQL to develop novel static analyses to find real vulnerabilities in our customers' code
  • Be a trusted advisor for our customers on all aspects of CodeQL
  • Refine and scale analyses so they can be run across 1000s of codebases
  • Develop creative solutions using CodeQL to help solve challenging customer problems

Qualifications

  • A strong foundation in Computer Science (BSc, MSc, PhD or equivalent practical experience), including familiarity with compiler construction or program analysis
  • Strong understanding of programming language fundamentals and comfortable working with more than one programming language (ideally from the following: C, C++, C#, Java, JavaScript/TypeScript, Python, Ruby, Kotlin, Swift and Go)
  • Must be comfortable mentoring other engineers and disseminating complex technical ideas and processes
  • Strong written and verbal communication skills
  • An ability to persuade customers to make hard but worthwhile technical decisions
  • An ability to see the tradeoffs of technical solutions and make recommendations to customers
  • A desire to help others, and to collaborate with both customers and GitHub team members
  • A growth mentality and a passion for discovering new technologies
  • Able to coordinate with teams across locations and time zones
  • Experience with software development fundamentals (version control using git, pull request workflows etc.)

Preferred Qualifications

  • Experience implementing or working with static analysis, with a particular focus on taint tracking or abstract interpretation; or experience implementing high-level languages (interpreters or compilers)
  • Experience with Logic Programming (Datalog, Prolog, CodeQL) or Functional Programming (Haskell, OCaml, Lisp, etc.)
  • Strong knowledge of secure coding practices and common types of security vulnerabilities
  • Experience in a customer-facing role
  • Experience using scripting languages (bash, Python, PowerShell etc.) for automation purposes
  • Familiarity with relational database fundamentals