About GitHub:
As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.
Locations:
In this role you can work remotely from Denmark.
Overview:
In the GitHub code scanning team, we are passionate about ensuring the security and quality of the world’s software - from open source to the enterprise. We believe that the best way to secure and improve the quality of software is to detect actionable issues early in the development process, and to actively facilitate their remediation. This ensures that the alerts we find actually get fixed, and provides a great user experience that integrates naturally into developer workflows.
Our team develops CodeQL and Copilot Autofix, two key components powering the code scanning product that’s part of GitHub’s Advanced Security offering, used by hundreds of thousands of developers and projects every day. CodeQL is GitHub's own semantic code analysis engine that uses world-class static analysis research and technology to deeply analyze code, enabling the early detection of security vulnerabilities and correctness errors in software. CodeQL currently supports a wide range of programming languages, including C/C++, C#, Go, Java, JavaScript/TypeScript, Kotlin, Python, Ruby, Rust, and Swift. Copilot Autofix is our LLM-powered remediation system that produces high-quality fix suggestions for code scanning alerts, empowering developers to fix alerts as soon as they are found, as well as alerts that already exist in their codebase.
Responsibilities:
In this role, you will join one of the distributed engineering teams responsible for building and expanding the core capabilities of code scanning with CodeQL and Copilot Autofix, in one of the following tracks:
Code Analysis
In this track, you will be part of a CodeQL language analysis team that maintains CodeQL support for multiple programming languages.
- You will help build source code extractors that parse and compile code written in each language, translating the source code into data that CodeQL can understand, and keeping up with the latest version of each supported language.
- You will write and maintain queries in the CodeQL query language that accurately detect security vulnerabilities and incorrect coding patterns, and ensure the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found.
- You will help build and maintain analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages.
CodeQL Foundations
In this track, you will be part of the CodeQL Foundations team, and work primarily on QL, the query language powering CodeQL analysis, and its underlying query compiler and evaluator within the CodeQL CLI. You will expand the expressive power of the CodeQL query language and speed up the performance of the underlying query engine, empowering the other CodeQL teams to write high-quality analysis, and ensuring that CodeQL scales to the largest codebases in the world.
CodeQL Experiences
In this track, you will be part of the CodeQL Experiences team, and work primarily on the CodeQL CLI, the CodeQL Action, and LLM-powered Copilot Autofix capabilities. You will work on integrating CodeQL as a code scanning tool running in production in GitHub Actions, third-party CI systems, the command line, and the IDE. You will work on building, expanding, and robustly evaluating the Copilot Autofix engine, which uses LLMs and contextual information from code scanning alerts to produce AI-powered fix suggestions for those alerts.
In any of the above tracks, you will work closely with various engineering teams, product managers, designers, and technical writers that build different aspects of the code scanning product, to influence product direction and deliver features to users, with a clear focus on quality, reliability, and user experience. You will engage with internal users and external users (both from enterprise customers and the open-source community) to help them succeed with the product. You’ll influence and provide feedback on the organisational culture and processes, always looking for opportunities to improve in a continuous pursuit of excellence.
Qualifications:
Required Qualifications:
Experience in software engineering, with a high level of familiarity with C, C++, or Rust, and the interest and ability to learn additional programming languages as required.
In addition, applicants should have a good level of familiarity with one or more of the following areas:
- Software security, including static analysis, dynamic analysis, software supply chain security, and best practices in creating high-quality, secure code
- Building developer tools that operate on source code, such as compilers, parsers, linters, static analysers, debuggers, CLI tools, or IDE extensions
- Machine learning applied to understanding source code, specifically using prompt engineering with large language models (LLMs) and systematic data collection and result evaluation
Preferred Qualifications:
Additionally, we would highly encourage applying if you have one or more of the following skills:
- Experience operating user-facing software at scale, including availability and observability
- Experience working in a distributed team, operating effectively across multiple time zones (our teams span a wide time zone range from Pacific time to Central European time), and working with multiple stakeholders and teams across engineering, product, and design
- Knowledge of compilers, program analysis, and programming language design and implementation
- Knowledge of logic programming or database query languages (e.g. SQL, Prolog, Datalog, Kusto Query Language), and experience building integrations with CI/CD systems such as GitHub Actions or Jenkins
GitHub Leadership Principles:
GitHub values
- Customer-obsessed
- Ship to learn
- Growth mindset
- Own the outcome
- Better together
- Diverse and inclusive
Manager fundamentals
Leadership principles
- Create clarity
- Generate energy
- Deliver success
Who We Are:
GitHub is the world’s leading AI-powered developer platform with 100 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.
Join us, and let’s change the world, together.
EEO Statement:
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!