Brandon Stewart is a Product Security Engineer with 11 years of experience building tooling to detect and triage vulnerabilities at scale, currently enabling automated CodeQL and Secret Scanning workflows at GitHub. He blends back-end engineering expertise—especially in Ruby/Rails and CodeQL query development—with hands-on application security practices he honed at Vote.org and Sleep Number. His open-source contributions to the high-profile github/codeql project improved ActiveRecord analysis and expanded Kotlin extraction support, reflecting a knack for making static analysis more precise. A former Navy Intelligence Specialist with TS/SCI clearance, he brings disciplined threat analysis and operational rigor to secure software delivery. Based in Atlanta, he pairs production-grade engineering with a pragmatic focus on measurable impact across large, diverse codebases.
11 years of coding experience
6 years of employment as a software developer
Bachelor of Science (BS) Management Information Systems and Business Analytics, Bachelor of Science (BS) Management Information Systems and Business Analytics at Colorado State University Global
Back End Engineering Program, Back End Engineering Program at Turing School of Software & Design
Associate of Arts (A.A.) Liberal Arts and Sciences/Liberal Studies, Associate of Arts (A.A.) Liberal Arts and Sciences/Liberal Studies at Mt. San Jacinto College
Outdoor Educator Course with WFR Outdoor Education, Outdoor Educator Course with WFR Outdoor Education at NOLS
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Role in this project:
Back-end Developer
Contributions:1 review, 16 commits, 2 PRs in 8 days
Contributions summary:Brandon primarily contributed to the CodeQL codebase, focusing on improving the analysis of Ruby code. Their work involved refining the representation of ActiveRecord models within the CodeQL framework by modifying and enhancing existing queries and libraries related to ActiveRecord instance method calls. These modifications included updates to documentation, code formatting and minor code changes. They also made changes to support additional features for Kotlin code extraction.
Contributions:35 PRs, 63 pushes, 50 branches in 4 years 5 months
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.