The GitHub Advanced Security Engineer owns the implementation and operation of GitHub Advanced Security (GHAS) across an enterprise engineering organisation — embedding security into the development workflow through code scanning, secret scanning, dependency review and Copilot Autofix. This role sits at the intersection of security engineering and developer experience, ensuring security controls are effective without creating friction that causes engineers to work around them.

Role & Responsibilities:
• Deploy and configure GitHub Advanced Security across the enterprise: enabling code scanning, secret scanning, push protection and dependency review at scale
• Write and maintain custom CodeQL queries for application-specific vulnerability patterns — going beyond the default query suite to catch security issues unique to the organisation's codebase
• Configure and tune GHAS to reduce false positives: customising scan configurations, maintaining allowlists and building the alert triage processes that keep security findings actionable
• Implement and operate GitHub secret scanning with push protection: configuring custom patterns, managing partner integrations and building the response workflows for detected secrets
• Use Copilot Autofix to accelerate security remediation: evaluating AI-generated fixes for correctness, training developers on how to validate and apply automated security fixes responsibly
• Build security metrics and reporting: tracking vulnerability density trends, time-to-remediation, secret leak rates and GHAS ROI for security leadership
• Work with development teams to embed security into their GitHub workflow: pull request security gates, branch protection rules and security review processes
• Evaluate AI-powered security features: GitHub Copilot security features, AI-assisted code review and automated dependency patching capabilities

Required Skills & Experience:
• 5+ years of application security or DevSecOps experience with at least 2 years using GitHub Advanced Security
• CodeQL expertise: writing custom queries, understanding the CodeQL data model and tuning query performance
• Experience deploying GHAS at enterprise scale: across hundreds of repositories, with governance policies and exception management
• Strong understanding of common vulnerability classes: OWASP Top 10, CWE Top 25, secrets management failures and supply chain risks
• GitHub Enterprise administration experience: organisation and enterprise policies, SAML SSO, audit streaming
• Python or JavaScript for CodeQL query development and security tooling automation
• GitHub Advanced Security certification required; GitHub Actions certification is a strong advantage

What We Offer:
• Specialist security engineering role with enterprise-wide impact
• Salary £80,000–£105,000 based on experience
• Remote-first with security team travel
• Direct partnership with CISO and engineering leadership

The GitHub Advanced Security Engineer embeds security into the development workflow — not as an external gate, but as an integrated, developer-friendly capability. If you have deployed GHAS at scale, written custom CodeQL and built the processes that make security findings get fixed, this role is yours.
Remote · UK / US | £80,000–£105,000