At a Glance
- Tasks: Join GitHub's Red Team to execute offensive security operations and enhance software security.
- Company: GitHub, the leading platform for secure software development with a vibrant community.
- Benefits: Remote work, competitive pay, generous learning opportunities, and excellent benefits.
- Why this job: Make a real impact on global software security while collaborating with top engineers.
- Qualifications: 7+ years in security analysis or related fields, with offensive experience and coding skills.
- Other info: Diverse and inclusive culture that values creativity and collaboration.
The predicted salary is between £36,000 and £60,000 per year.
Join to apply for the Senior Offensive Security Engineer role at GitHub.
GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub's Red Team is an active threat emulation team that models real world threats and executes simulated attacks targeting GitHub. We're looking for an offensive security engineer to expand GitHub's Red Team operations.
In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation. You'll also provide a vital offensive perspective to many security-wide initiatives including threat modeling, table tops, and adversarial analysis. You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub.
Communication and empathy are key in this role. Your collaboration with engineers is as important as the vulnerabilities and security risks you identify. In this role you'll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company.
Responsibilities
- Conceptualize, plan, and execute offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports.
- Digest application and service architectures to identify potential threats and avenues for exploitation.
- Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures.
- Be an advocate for best security practices.
- Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
- Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation.
Qualifications
- One of the following:
  - 7+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  - OR associate's degree AND 6+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  - OR bachelor's degree AND 5+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  - OR master's degree AND 3+ years' experience in security analysis, security research, cyber security, security engineering, or relevant area
  - OR doctorate AND 1+ year(s) experience in security analysis, security research, cyber security, security engineering, or relevant area
  - OR equivalent experience.
- 3+ years of offensive experience including attack simulation, capability development, or vulnerability research.
- 1+ years of experience creating tooling in Python, Go, Ruby, or JavaScript.
- 1+ years of experience identifying common security vulnerabilities and mitigations within web applications and cloud infrastructure.
Preferred Qualifications
- 5+ years of offensive security experience, including conducting red team engagements targeting organizations that use macOS and cloud technologies (Azure, AWS, Containers, Kubernetes, etc.).
- Strong familiarity with the GitHub platform and products.
- Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON.
- Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that.
- Experience in security architecture review and threat modeling of software systems - bonus points if you have practical experience assessing the security posture of applications written using Ruby on Rails or Go.
GitHub Values
- Customer-obsessed
- Ship to learn
- Growth mindset
- Own the outcome
- Better together
- Diverse and inclusive
Who We Are
GitHub is the world's leading AI-powered developer platform with 150 million developers and counting. We're also home to the biggest open-source community on earth. Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We're remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are.
Equal Employment Opportunity
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences.
Senior Offensive Security Engineer in London
Employer: GitHub
Contact Detail: GitHub Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Senior Offensive Security Engineer role in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those at GitHub. A friendly chat can open doors and give you insights that a job description just can't.
✨Tip Number 2
Show off your skills! If you've got a portfolio or any projects that highlight your offensive security expertise, make sure to share them during interviews. It’s all about demonstrating what you can bring to the table.
✨Tip Number 3
Prepare for technical interviews by brushing up on your attack simulation techniques and vulnerability research. Practice explaining your thought process clearly; communication is key in this role!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining the GitHub team.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter for the Senior Offensive Security Engineer role. Highlight your relevant experience in offensive security, especially any work with red teaming or vulnerability research. We want to see how your skills align with what GitHub is looking for!
Showcase Your Communication Skills: Since communication and empathy are key in this role, don’t forget to demonstrate these skills in your written application. Use clear and concise language, and maybe even share examples of how you've effectively collaborated with teams in the past.
Highlight Your Technical Expertise: Be sure to mention your technical skills, especially in areas like Python, Go, or Ruby. If you’ve developed any tools or contributed to open-source projects, let us know! This will show that you’re not just about theory but also practical application.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows you’re serious about joining the GitHub team!
How to prepare for a job interview at GitHub
✨Know Your Stuff
Make sure you brush up on offensive security techniques and the latest vulnerabilities. Familiarise yourself with GitHub's platform and products, as well as any recent security incidents in the industry. This will help you demonstrate your expertise and show that you're genuinely interested in the role.
✨Showcase Your Collaboration Skills
Since communication and empathy are key in this role, prepare examples of how you've successfully collaborated with engineering teams in the past. Think about times when you identified risks and worked together to implement remediation strategies. This will highlight your ability to work well with others.
✨Prepare for Technical Questions
Expect to be asked about specific offensive security scenarios and how you would approach them. Brush up on your knowledge of attack simulations, threat modelling, and vulnerability research. Practising your responses can help you articulate your thought process clearly during the interview.
✨Ask Insightful Questions
At the end of the interview, don’t forget to ask questions that show your interest in the team and the company. Inquire about their current security challenges or how they measure the success of their Red Team operations. This not only shows your enthusiasm but also helps you gauge if the company is the right fit for you.