Job Specifications
About GitHub
GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.
Locations
In this role you can work from Remote, United Kingdom
Overview
GitHub is the home for software development, where we collaborate to build the world's leading AI-powered developer platform.
In the Copilot Agents organization at GitHub, we are passionate about ensuring the security and quality of the world’s software - from open source to the enterprise, written by humans and by AI tools. We believe that the best way to secure and improve the quality of software is to detect actionable issues early in the development process, and actively facilitate their remediation as part of the developer workflow.
Our team develops detection and remediation engines that power several GitHub products used by hundreds of thousands of developers and projects every day:
Copilot Code Review agent is GitHub LLM-powered code review engine which provides feedback for immense volumes of code changes daily helping developers fix bugs and improve the quality of their code, leading to faster time to merge.
Copilot Autofix is GitHub's LLM-powered remediation engine that produces high-quality fix suggestions for security or quality findings, empowering developers to fix them as soon as they are found or burn down the debt already existing in their codebase. It is used as the remediation engine within the GitHub Code Security, GitHub Advanced Security, and Copilot code review products.
CodeQL is GitHub's semantic code analysis engine that uses world-class static analysis research and technology to deeply analyze code, enabling the early detection of security vulnerabilities and correctness errors in software. CodeQL supports a wide range of programming languages, including C/C++, C#, Go, Java, JavaScript/TypeScript, Kotlin, Python, Ruby, and Swift. It is used as the primary detection engine within the GitHub Code Security and GitHub Advanced Security products.
We work as a distributed group within a distributed company. The majority of our team members live across Europe, the US, and Canada, and while we do have some offices, all our meetings are location-agnostic and happen online. We operate with a high degree of autonomy and trust, and we have a significant level of influence on the product and technical direction of security and code review products at GitHub. We value learning, introspection and reflection, and we’re always looking for ways to improve as a team and as individuals, so candor and a culture that values safety to speak up are highly important to us.
Responsibilities
We are looking for a software engineer to join one of the distributed software engineering teams responsible for building and expanding code analysis engines and agents at GitHub. In this role you will work in one of the following areas, selected based on your own experience and interests, and the needs of the organization at the time of hiring:
Code analysis: Maintaining detection support for multiple programming languages, including:
building source code extractors that translate code written in each language into data that CodeQL can understand, keeping up with the latest version of each supported language
writing and maintaining queries in the CodeQL query language that accurately detect security vulnerabilities and undesirable coding patterns
ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found
building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages
experimenting with and robustly evaluating LLM-powered detection engines and integration between LLMs and traditional static analysis.
AI agents:
LLM-based code review: Building, improving, and evaluating the detection agent for Copilot code review, using LLMs and contextual information from a codebase to produce AI-powered review comments on pull requests.
LLM-based fix generation: Building, improving, and evaluating the Copilot Autofix agent, using LLMs and contextual information to produce actionable AI-powered fix suggestions for code security and quality findings.
Improving the security and quality of code produced by Copilot coding agent, using the above engines and other security products at GitHub.
In any of the above tracks, you will work closely with various engineering teams, product managers, designers, and technical writers that build different aspects of the code scanning product, to influence product direction and deliver features to users, with clear focus on quality, reliability, and user experience. You will engage with internal users and external users (both from enterprise customer
About the Company
As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 330+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.
Know more