Offensive Security Engineer, Red Team

3 weeks ago

United Kingdom GitHub, Inc. Full time

About GitHub

As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.

Locations

In this role you can work from Remote, United Kingdom

Overview

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks on GitHub. We're looking for a security engineer to expand GitHub’s Red Team operations.

In this role you will execute both red and purple flavored offensive operations, deliver results to key stakeholders through written reports and live briefings, and partner with product teams for remediation. You'll also provide a vital offensive perspective to many security-wide initiatives including threat modeling, table tops, and adversarial analysis. You'll also work closely with the detections, IR, and engineering teams to continuously improve their processes and procedures to help secure GitHub..

Communication and empathy is key in this role. Your collaboration with engineers is as important as the vulnerabilities and security risks you identify. In this role you’ll not only need to be creative and thorough in the attacks you perform, but also in helping drive the remediation strategies with teams across the company.


Responsibilities

  • Conceptualize, plan, and execute basic offensive operations, with an understanding of operational security, developing novel offensive techniques, and leveraging threat intelligence reports

  • Digest application and service architectures to identify potential threats and avenues for exploitation

  • Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures

  • Be an advocate for best security practices

  • Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.

  • Collaborate empathetically with engineering teams and leadership to communicate identified risks and expectations for remediation


Qualifications

Required Qualifications:

  • Offensive experience including attack simulation, capability development, or vulnerability research

  • Experience writing tooling in Python, Go, Ruby, or Javascript

  • Familiarity with common security vulnerabilities and mitigations within web applications and cloud infrastructure

  • Hands-on experience with cloud technologies (Azure, AWS, Containers, Kubernetes, etc.)

  • Demonstrated ability to work empathetically with blue team peers to foster effective and productive relationships

Preferred Qualifications:

  • Excellent written and verbal communication skills targeting a broad range of audiences from engineers to leadership

  • Contributed to open-source offensive security tooling or delivered novel research at industry conferences such as Black Hat or DEFCON

  • Experience in security architecture review and threat modeling of software systems

  • Practical experience with red team engagements targeting organizations that use macOS, Linux, and cloud infrastructure, including Azure and AWS

  • Knowledge of approaches to evade EDR and similar defensive controls - bonus points if you have experience developing tools to do that

  • Practical experience assessing the security posture of applications written using Ruby on Rails or Go

GitHub values

  • Customer-obsessed
  • Ship to learn
  • Growth mindset
  • Own the outcome
  • Better together
  • Diverse and inclusive

Manager fundamentals

  • Model
  • Coach
  • Care

Leadership principles

  • Create clarity
  • Generate energy
  • Deliver success
Who We Are

GitHub is the world’s leading AI-powered developer platform with 100 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.
Join us, and let’s change the world, together.
#J-18808-Ljbffr

  • Red Teamer

    4 weeks ago

    United Kingdom InterEx Group Full time

    Location: Netherlands Type: Full Time Unique RED Teamer / Netherlands / Cyber security We are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team. Unique Red Teamer /...

  • Red Teamer

    1 month ago

    United Kingdom InterEx Group Full time

    Location: NetherlandsType: Full TimeUnique RED Teamer / Netherlands / Cyber securityWe are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team.Unique Red Teamer /...

  • Red Teamer

    1 month ago

    United Kingdom InterEx Group Full time

    Location: NetherlandsType: Full TimeUnique RED Teamer / Netherlands / Cyber securityWe are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team.Unique Red Teamer /...

  • Red Teamer

    1 month ago

    United Kingdom InterEx Group Full time

    Location: Netherlands Type: Full Time Unique RED Teamer / Netherlands / Cyber security We are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team. Unique Red Teamer /...

  • Red Teamer

    1 month ago

    United Kingdom InterEx Group Full time

    Location: NetherlandsType: Full TimeUnique RED Teamer / Netherlands / Cyber securityWe are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team.Unique Red Teamer /...

  • Red Teamer

    1 month ago

    United Kingdom InterEx Group Full time

    Location: Netherlands Type: Full Time Unique RED Teamer / Netherlands / Cyber security We are working exclusively with recently top partner in cyber security who are currently developing their offensive security presence in the Netherlands. They are looking to build a strong team of RED Teamers to revolutionize their security team. Unique Red Teamer /...

  • Offensive Security Engineer

    1 month ago

    United Kingdom Saragossa Full time

    Do you think attack is the best form of defence? Or is a combination better? You’re going to be using your extensive background in offensive security to make sure this business, who are one of the largest investment managers in the UK, are aware of all potential vulnerabilities in their systems, both existing and newly built. This job involves speaking...

  • Offensive Security Engineer

    1 month ago

    United Kingdom Saragossa Full time

    Do you think attack is the best form of defence? Or is a combination better? You’re going to be using your extensive background in offensive security to make sure this business, who are one of the largest investment managers in the UK, are aware of all potential vulnerabilities in their systems, both existing and newly built. This job involves speaking...

  • Senior Offensive Security Consultant

    1 week ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Senior Offensive Security Consultant – UK Based - £50k-£75k Join one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based team. The...

  • Senior Offensive Security Consultant

    1 week ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Senior Offensive Security Consultant – UK Based - £50k-£75k Join one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based...

  • Senior Offensive Security Consultant

    1 week ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Senior Offensive Security Consultant – UK Based - £50k-£75kJoin one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based team.The...

  • Senior Offensive Security Consultant

    4 days ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time €50,000 - €75,000

    Senior Offensive Security Consultant – UK Based - £50k-£75k Join one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based...

  • Senior Offensive Security Consultant

    7 days ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Senior Offensive Security Consultant – UK Based - £50k-£75kJoin one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based team.The...

  • Penetration Tester

    2 weeks ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Junior Infrastructure Penetration Tester – UK Based - £25k-£40k As a Junior Penetration Tester, with a focus on Infrastructure testing, you will get the opportunity to conduct penetration test within a commercial environment, producing written reports to appropriate standards and within agreed deadlines. This position boasts a well-rounded...

  • Regional Sales Manager

    6 days ago

    United Kingdom Usurpo Full time

    Our client provides a disruptive offensive security solution which has already seen success in the US and EMEA, and as a result has recently secured an additional funding round. They are now building out their EMEA team following this success and investment. Job Title: Regional Sales Manager - UK Location: UK (remote) Job Description: Our client is seeking...

  • Regional Sales Manager

    6 days ago

    United Kingdom Usurpo Full time

    Our client provides a disruptive offensive security solution which has already seen success in the US and EMEA, and as a result has recently secured an additional funding round. They are now building out their EMEA team following this success and investment. Job Title: Regional Sales Manager - UKLocation: UK (remote)Job Description:Our client is seeking a...

  • Regional Sales Manager

    4 days ago

    United Kingdom Usurpo Full time

    Our client provides a disruptive offensive security solution which has already seen success in the US and EMEA, and as a result has recently secured an additional funding round. They are now building out their EMEA team following this success and investment. Job Title: Regional Sales Manager - UK Location: UK (remote) Job Description: Our client is...

  • Regional Sales Manager

    6 days ago

    United Kingdom Usurpo Full time

    Our client provides a disruptive offensive security solution which has already seen success in the US and EMEA, and as a result has recently secured an additional funding round. They are now building out their EMEA team following this success and investment. Job Title: Regional Sales Manager - UK Location: UK (remote) Job Description: Our client is...

  • Regional Sales Manager

    4 days ago

    United Kingdom Usurpo Full time

    Our client provides a disruptive offensive security solution which has already seen success in the US and EMEA, and as a result has recently secured an additional funding round. They are now building out their EMEA team following this success and investment. Job Title: Regional Sales Manager - UKLocation: UK (remote)Job Description:Our client is seeking a...

  • Cyber Security Specialist

    1 week ago

    United Kingdom LT Harper - Cyber Security Recruitment Full time

    Senior Offensive Security Consultant – UK Based - £50k-£75k Join one of the UK's largest consultancies as a Senior Penetration Tester as you work closely with some of the industry's best Cybersecurity professionals. The company are rapidly expanding their offensive team and are currently looking for Senior Testers to join their UK based team. ...