Senior CodeQL Analysis Engineer

About GitHub

As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code. **

Locations**

In this role you can work from Remote, United Kingdom **

Overview**

GitHub is seeking a Senior CodeQL Analysis Engineer for our CodeQL Expert Services team. CodeQL is GitHub's industry-leading semantic code analysis engine that lets you query code as though it were data, and is usually deployed as part of our wider GitHub Advanced Security offering. Our team supports the adoption of CodeQL amongst some of our largest and most interesting customers.

As a Senior CodeQL Analysis Engineer, you will have a direct impact on the security of some of the world’s largest code bases and the most commonly used applications. Acting as a trusted advisor, you will work closely with our customers' security teams to support them in their use of CodeQL: developing bespoke solutions using CodeQL, providing recommendations, training and working on implementing custom static analyses to help discover critical vulnerabilities in their code. We are looking for a passionate technologist who can apply cutting-edge static analysis techniques to messy real-world problems and teach our customers how to do the same.

Examples of past projects the team have undertaken include the development of over 850 CodeQL queries to cover various C/C++ Coding Standards for use in functional safety workflows in the automotive industry, the creation of a CodeQL development toolkit for supporting custom CodeQL development, working with customers to validate static contracts in C/C++ code using CodeQL and deploying cutting-edge AI technology in order to drive automatic remediation of security vulnerabilities. We also work to train customers in the use of CodeQL and help drive adoption through increasing library and framework coverage for our security queries. **

Responsibilities**

• Develop creative bespoke solutions using CodeQL to help solve challenging customer problems
• Use CodeQL to develop static analyses to find vulnerabilities in our customers' code
• Refine and scale analyses so they can be run across 1000s of codebases
• Provide CodeQL training for developers and security engineers
• Support the product development and adoption of AI-powered CodeQL features, such as autofix, through customer engagements
• Be a trusted advisor for our customers on all aspects of CodeQL

Qualifications

Required Qualifications:

• Several years of experience as a software engineer, software consultant, or software security engineer and fluent in software development fundamentals (version control using git, pull request workflows etc.) or equivalent education in relevant fields
• Multiple years of experience in developing or customizing source code analysis tools, compilers, debuggers, IDE tools or similar and a strong understanding of programming language fundamentals
• Demonstrable ability with at least one of the languages supported by CodeQL (C, C++, C#, Java, JavaScript/TypeScript, Python, Ruby, Kotlin, Swift and Go)

Preferred Qualifications

• Implementing or working with static analysis, with a particular focus on taint tracking or abstract interpretation; or experience implementing high-level languages (interpreters or compilers)
• Logic Programming (Datalog, Prolog, CodeQL) or Functional Programming (Haskell, OCaml, Lisp, etc.)
• Secure coding practices and triaging common types of security vulnerabilities
• Relational database fundamentals
• Working directly with customers or stakeholders to scope, propose and implement technical solutions
• Mentoring and educating other engineers and disseminating complex technical ideas and processes

GitHub values

• Customer-obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive

Manager fundamentals

• Model
• Coach
• Care

Leadership principles

• Create clarity
• Generate energy
• Deliver success

Who We Are

GitHub is the world’s leading AI-powered developer platform with 100 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.

Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.

Join us, and let’s change the world, together.