Staff Security Engineer
About GitHub GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot. Locations In this role you can work from Remote, United States
Overview
GitHub is changing the way the world builds software, and we want you to help secure GitHub. We're looking for a Staff Software Engineer to lead the technical direction of Identity & Access Management for GitHub's workforce and production systems. Identity is foundational to GitHub's regulatory commitments, our cloud strategy, and the security of every Hubber's access to internal infrastructure. Getting it right is one of the highest-leverage things we can do. As part of Infrastructure Security – Identity & Access Management, you will set the architectural direction across entitlements, privileged access, identity lifecycle, identity federation, and secured admin workstations. You will lead by example as a hands-on engineer, mentor senior ICs, and act as the IAM team's technical voice in cross-org design reviews. This role exists to make secure access boring at GitHub scale through code, paved paths, and agent-consumable interfaces, not policy memos.
Responsibilities
Set the technical direction for GitHub's identity and access management service area. Lead architecture and design across identity lifecycle, entitlements, privileged access, identity federation, and the workforce IDP. Author and shepherd design reviews; Lead multi-quarter IAM platform evolution. Take complex identity programs (e.g., IDP migrations, privileged access maturation, identity lifecycle automation) from architecture through production rollout. Prioritize long-term correctness over shallow wins; design for reversibility, parity validation, and phased cutovers that let dependent workstreams proceed without regression. Make least-privilege and just-in-time access the default for production systems. Lead the design of least privileged access within production systems; partner with adjacent Engineering teams on evolving production system access patterns. Own reliability, supportability, and operational maturity for IAM services. Participate in and provide technical leadership for the on-call rotation; lead postmortems; reduce incident volume through systemic fixes. Set the quality bar for testing, observability, deployment safety, and rollback across the IAM service area. Mentor senior engineers and raise the bar for code and design review.
Qualifications
Required Qualifications: 9+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or PythonOR Associate’s Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 8+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Bachelor's Degree in Computer Science or related field AND 7+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR Doctorate in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 3+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python OR equivalent experience. Preferred Qualifications: Experience with identity directories and IDPs (e.g., Okta, Entra ID / Azure AD) and authentication/authorization protocols (OAuth, OIDC, SAML, SCIM). Experience leading an enterprise IDP migration or large-scale identity platform consolidation, including parity validation, device trust, and phased cutovers. Experience operating IAM services in one or more major cloud environments (AWS, Azure, or GCP). Experience designing systems and APIs intended for programmatic or AI-agent consumption (e.g., structured tool APIs, agentic workflows, paved-path templates). Experience providing technical leadership for a production identity services
Compensation
Range The base salary range for this job is USD $140,400.00 - USD $372,300.00 /Yr. These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role. This position will be open for a minimum of 3 days, with applications accepted on an ongoing basis until the position is filled. GitHub values Customer-obsessed Ship to learn Growth mindset Own the outcome Better together Diverse and inclusive Manager fundamentals Model Coach Care Leadership principles Create clarity Generate energy Deliver success Who We Are GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub. Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms. Join us, and let’s change the world, together. EEO Statement GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate! Apply To This Job