GitHub is looking for an experienced Cybersecurity Threat Intelligence (CTI) leader with hands-on management experience. This role will be responsible for leading the CTI function at GitHub, driving operational focus towards the latest and most relevant threats. You will report to the Senior Director of CSIRT and both build and lead a team of talented intelligence analysts.

The CSIRT team at GitHub is focused on the following areas:

  • Threat Detection - Our team detects and analyzes threats against Hubbers, Hubber Devices, and GitHub Infrastructure. We hunt for malicious activity and build tools to aid in our efforts.
  • Incident Response - We respond to corporate security incidents of all kinds, develop playbooks and processes to streamline compliance, and work with Hubbers and leadership across the company to mitigate security issues.
  • Threat Intelligence - Our team partners with industry peers to develop, share, and respond to intelligence that may pose a threat to GitHub or our customers.
  • Consulting - We collaborate with engineers throughout GitHub to design solutions to security obstacles that pragmatically balance between security, usability, and performance

As our Senior Manager of Threat Intelligence, you will work alongside members of the GitHub Security and Engineering organizations, including but not limited to, legal and privacy counsel, product security engineering, Governance/Risk/Compliance, and platform health to drive cross-functional initiatives. You will work with your team to mature GitHub’s CTI methodologies and develop effective, modern processes according to company growth and industry best practices. You will establish relationships among your peers in Security Operations while identifying and growing partnership opportunities, joint activities, and collaborative wins. A successful applicant will have a proven track record of building internal and external partnerships, creating healthy and inclusive team environments, and a desire to continue to grow as a leader and team member.

About the Role

GitHub’s CSIRT provides accurate, relevant, insightful, and timely analysis in support of security operations, incident management, and enterprise risk. The scope of the work is global and ranges from investigations of local incidents that may affect one system or application to geopolitical risks that involve the entire company. 

This work is accomplished, in part, through our cybersecurity, incident response, and crisis management protocols as well as the development of strategic partnerships with private and public sector entities.


  • Develop and maintain subject matter expertise in a portfolio of threat profiles, activity, and trends that threaten GitHub, its customers, employees, and infrastructure from all available sources.
  • Provide actionable information by producing concise analysis and warning products in written and presentation form for internal stakeholders.
  • Provide security-related analytic support to GitHub teams at all levels.
  • Work with members of the GitHub team to conduct risk assessments.
  • Build strategic relationships with government and private sector entities to better identify and track threats to GitHub and our customers.
  • Perform data analysis to support incident response, threat detection, and risk assessments.
  • Be proficient in Open Source Intelligence (OSINT) methodologies.
  • Monitor and report on risk to our leadership team and employees.


  • Excellent written and verbal communication skills. Specifically, you should be able to lead readers or listeners through a chain of evidence at a technical level appropriate to the audience.
  • Foundational knowledge of scripting languages (e.g. Python) and their applications for security analysis
  • Strong knowledge of network security fundamentals and their relationship to threat actor tracking. You should be very familiar with TCP/IP and DNS, and you should be able to explain the basics of TLS, BGP, and modern identity and access management technologies.
  • Foundational knowledge of Linux and MacOS command line tools.
  • Knowledge of open source intelligence tools and methodologies.
  • Ability to prioritize work in a fast-paced environment.
  • Ability to handle sensitive and compartmented information through secure channels.
  • Ability to work remotely and autonomously.  

Preferred experience:

  • Experience working for a distributed, global organization.
  • Experience working with threat intelligence, threat detection, and incident response teams.
  • Experience surfacing relevant data points from large swaths of data
  • Experience with multiple query languages, e.g. SQL, Splunk, KQL.
  • Knowledge of contemporary software development practices and tooling, such as git, GitHub, and software supply chain issues.
  • An understanding of how threat actors abuse or attack large web platforms; account takeover, scams, malware distribution, and ransomware are helpful areas to understand.

(Colorado only*) Minimum salary of $104,400 to maximum $221,500 + bonus + equity + benefits.
· Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado. 

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here:

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.


Apply for this Job

* Required

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in GitHub’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.