Principal Security Researcher jobs in United States

GitHub · 6 hours ago

Principal Security Researcher

GitHub is the world’s leading platform for agentic software development, and they are seeking a Principal Security Researcher to join their Security Lab team. This role involves driving the security research agenda, mentoring other researchers, and influencing solutions that enhance the security of open source software.

Artificial Intelligence (AI), Cloud Computing, Developer Tools, Internet, Project Management, SaaS, Software
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

High impact security research - Identifies, conducts, and supports others in conducting research into critical security areas, current attacks, and adversary tracking. Guides others to synthesize research findings into recommendations for mitigation of security issues. Guides team(s) by sharing expertise to identify potential security issues, tools, mitigations, and processes. Prototypes tools for large-scale security research
Analysis of security threats in Open Source - Analyzes and synthesizes collected information to address complex security problems and threats, including emerging threats (e.g. LLM prompt injections). Derives priorities for research and mitigations. Applies expert knowledge and diagnostic expertise to lead postmortem and root cause analyses for complex and/or large-scale issues in open source to specify tools and systems that support incident response, and mitigate and resolve issues across open source organizations
Priorities - Identifies, prioritizes, and targets security issues that have the biggest impact on open source and/or on GitHub’s users, or that require significant and complex mitigation
Thought leadership - Writes blogs and conference talks. Leads, facilitates, and participates in industry and company-wide forums, and influences them to address the most pressing open source security issues. Positions GitHub as a security expert
Be the customer’s voice - Solicits input from customers and partners, from open source or enterprises, to improve security
Internal influence - Uses their technical expertise and their understanding of the customers’ needs, from open source or enterprises, to inform and influence internal leadership forums, in order to drive meaningful security impacts in the open source ecosystem, the security of the GitHub platform, and the success of the GitHub Security Products

Qualification

Security research, Cyber security, Security analysis, Security engineering, Software development, Vulnerability disclosures, Open source software, Thought leadership, Mentoring, Collaboration

Required

12+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 11+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree AND 10+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Master's Degree AND 8+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Doctorate AND 6+ years experience in cyber security, security analysis, security engineering, software development, or relevant area
OR equivalent experience

Preferred

17+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant areas
OR Associate's Degree AND 16+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Bachelor's Degree AND 15+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Master's Degree AND 13+ years experience in security research, cyber security, security analysis, security engineering, software development, or relevant area
OR Doctorate AND 11+ years experience in cyber security, security analysis, security engineering, software development, or relevant area
OR equivalent experience
Track record of security vulnerability disclosures (CVEs) credited to you
Credited author on 1+ published article(s)/paper(s) OR Speaker/presenter at a Security-related conference
5+ years experience in relevant field (e.g., bug bounty, security research)
1+ year(s) experience in software development
1+ year(s) experience working with GitHub and/or open source software

Benefits

Annual bonus
Stock
Learning and growth opportunities

Company

GitHub is a software company that offers code hosting services that allow developers to build software for open-source and private projects. It is a sub-organization of Microsoft.

H1B Sponsorship

GitHub has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (26)
2024 (17)
2023 (14)
2022 (20)
2021 (20)
2020 (10)

Funding

Current Stage: Late Stage
Total Funding: $350M
Key Investors: Sequoia Capital, Andreessen Horowitz
2018-06-03 Acquired
2015-07-29 Series B · $250M
2015-06-19 Secondary Market

Leadership Team

PJ Hyett, Co-Founder
Kyle Daigle, Chief Operating Officer
Company data provided by crunchbase