Every detection service we ship — SAST, DAST, SCA, secrets, cloud posture — shares one pipeline shape and one bar for correctness. You'll own real slices of that system, from taint-analysis code graphs to the distributed logic that decides whether a PR is safe to merge.
What you'll do
- Build and extend detection and remediation pipelines across our security services, in Go and Python.
- Work on genuinely hard distributed-systems problems: deterministic PR check runs, idempotent scan orchestration, fair queuing across thousands of customer repos.
- Ship code that's held to a real bar — typed, tested, reviewed, and deployed by commit sha with no shortcuts.
- Work close to the product: what you build shows up as a fix in a real engineer's PR within days, not quarters.
What you bring
- Strong fundamentals in Go and/or Python, and the judgment to know when to reach for which.
- Experience with production distributed systems — queues, state machines, idempotency, failure modes.
- A preference for simple, correct code over clever abstractions.
- Curiosity about security, even if it's not your background yet.