Product Security Engineering

GitHub is the best place to build software together. Over 12 million people use GitHub to share code and build amazing things with friends, co-workers, classmates, and complete strangers. With the collaborative features of GitHub.com, our desktop and mobile apps, and GitHub Enterprise, it has never been easier for individuals and teams to write better code, faster.

GitHub is looking for a Product Security Intern who is excited about securing web applications. Keeping our users' data secure is one of GitHub's highest priorities. We live on the bleeding edge of security technology, employing innovative as well as proven defenses to keep our users safe from the multitude of threats we face. As an intern, you will work closely with the product security team to create security features to protect GitHub users.

* Familiarize yourself with the Credential Management spec and understand the problems it addresses. * Collaborate with the team to define the milestones and scope of work. * Implement the front-end and back-end changes needed to integrate the spec into the authentication flow of GitHub.com. * Participate in collaborative code review to ensure that code is high quality and ready for production deployment. * Solicit feedback after shipping it to internal users to identify any previously unknown bugs or parts of the user experience that could use improvement. **What you (the intern) will learn:** * Learn about the current state of user authentication and the various security concerns with authenticating users, use of credential managers, etc. * Learn about emerging browser security standards and how they can be used to help protect GitHub users. * Learn the "GitHub flow" for developing software (from project inception to production deployment).

**Qualifications/Experience:** * A passion for learning. * Strong written communication skills. * Interest in defensive security techniques (Content Security Policy, API hardening, etc). * Interest in web application security (Eg. Cross-Site Scripting, SQL injection, etc). * Some experience with web development (Eg. Ruby on Rails).