Analyst, Vulnerability Management

Remote - Canada

Are you interested in securing the home for all developers? GitHub is changing the way the world builds software, and we want you to help change the way we secure GitHub. We are looking for Vulnerability Analysts to join our team, focused on vulnerability management activities in large enterprise environments.

As a Vulnerability Management Analyst, you will work alongside others across GitHub to evaluate vulnerabilities, partner with teams to drive remediation activities, report to auditors and executive leadership and automate the vulnerability management process to create a world class user experience.


  • Manage the discovery, analysis, tracking, and remediation of vulnerabilities
  • Coordinate and communicate with cross-functional teams throughout the VM lifecycle
  • Facilitate exception handling and escalation
  • Complete ad hoc and automated metrics and reporting
  • Identify and analyze potential threats to GitHub system environments including, corporate networks, third party services, and individual user endpoints
  • Support regulatory compliance monitoring and reporting
  • Monitor and Perform analysis across GitHub security systems with the ability to triage and investigate alerts
  • Provide in-depth support and monitoring for existing security platforms and processes
  • Create and maintain relevant team documentation and standards.
  • Cultivate and maintain strong relationships with business customers and stakeholders, thoroughly understanding their business needs, expectations and objectives


  • You have a proven track record in security program management, including sizable vulnerability management programs
  • Ability to handle large datasets and perform vulnerability analysis
  • Advanced knowledge related to application and network vulnerability scanning tools (eg: Nessus, Qualys, Wiz, etc.)
  • You have production experience with AWS, GCP or Azure, and are comfortable using security tools in these environments
  • You have built or integrated tools through scripts or scanning APIs in Python
  • You can speak to the technical and business impacts of a vulnerability or bug

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here:

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.


Apply for this Job

* Required