Senior Software Engineer - CodeQL and Code Review Agents
GitHub is the global home for all developers, and we are the complete AI-powered developer platform to build, scale, and deliver secure software.
About GitHub
GitHub is the home for software development, where we collaborate to build the world's leading AI-powered developer platform.
In the Copilot Agents organization at GitHub, we are passionate about ensuring the security and quality of the world’s software - from open source to the enterprise, written by humans and by AI tools.
Our team develops detection and remediation engines that power several GitHub products used by hundreds of thousands of developers and projects every day:
- CodeQL is GitHub's semantic code analysis engine that uses world-class static analysis research and technology to deeply analyze code, enabling the early detection of security vulnerabilities and correctness errors in software.
- Copilot Autofix is GitHub's LLM-powered remediation engine that produces high-quality fix suggestions for security or quality findings, empowering developers to fix them as soon as they are found or burn down the debt already existing in their codebase.
- An LLM-based detection agent currently used as the primary detection engine within the Copilot code review product.
Responsibilities
We are looking for a Senior Software Engineer to join one of the distributed software engineering teams responsible for building and expanding code analysis engines and agents at GitHub.
- Code analysis: Maintaining detection support for multiple programming languages.
  - Building source code extractors that translate code written in each language into data that CodeQL can understand.
  - Writing and maintaining queries in the CodeQL query language that accurately detect security vulnerabilities and undesirable coding patterns.
  - Ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found.
  - Building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages.
  - Experimenting with and robustly evaluating LLM-powered detection engines and integration between LLMs and traditional static analysis.
- Foundations: Developing QL, the query language powering CodeQL analysis, and its underlying query compiler and evaluator within the CodeQL CLI.
- AI agents:
  - LLM-based code review: Building, improving, and evaluating the detection agent for Copilot code review.
  - LLM-based fix generation: Building, improving, and evaluating the Copilot Autofix agent.
  - Improving the security and quality of code produced by Copilot coding agent.
Qualifications
Required Qualifications
- 6+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript/TypeScript, Go, Ruby, Rust, or Python.
- 3+ years of experience with one or more of the following areas: software security, developer tools, or machine learning and AI applied to understanding source code.
Preferred Qualifications
- Experience with two or more of the areas listed above.
- Experience designing and running statistically sound experiments to measure performance and quality.
- Industry or research knowledge of compilers, program analysis, programming language design and implementation.
- Experience in security research, demonstrated by a history of identifying, analyzing, and disclosing vulnerabilities in open-source projects.
We value learning, introspection, and reflection, and we’re always looking for ways to improve as a team and as individuals.
GitHub is an equal opportunity employer, and we welcome applications from people of all walks of life.
- Location: United Kingdom
- Job Type: Full-time
- Category: IT & Technology