GitHub is looking for an experienced Cybersecurity Threat Intelligence (CTI) leader with hands-on management experience. This role will be responsible for leading the CTI function at GitHub, driving operational focus towards the latest and most relevant threats. You will report to the Senior Director of CSIRT and both build and lead a team of talented intelligence analysts.
The CSIRT team at GitHub is focused on the following areas:
- Threat Detection - Our team detects and analyzes threats against Hubbers, Hubber Devices, and GitHub Infrastructure. We hunt for malicious activity and build tools to aid in our efforts.
- Incident Response - We respond to corporate security incidents of all kinds, develop playbooks and processes to streamline compliance, and work with Hubbers and leadership across the company to mitigate security issues.
- Threat Intelligence - Our team partners with industry peers to develop, share, and respond to intelligence that may pose a threat to GitHub or our customers.
- Consulting - We collaborate with engineers throughout GitHub to design solutions to security obstacles that pragmatically balance between security, usability, and performance
As our Senior Manager of Threat Intelligence, you will work alongside members of the GitHub Security and Engineering organizations, including but not limited to, legal and privacy counsel, product security engineering, Governance/Risk/Compliance, and platform health to drive cross-functional initiatives. You will work with your team to mature GitHub’s CTI methodologies and develop effective, modern processes according to company growth and industry best practices. You will establish relationships among your peers in Security Operations while identifying and growing partnership opportunities, joint activities, and collaborative wins. A successful applicant will have a proven track record of building internal and external partnerships, creating healthy and inclusive team environments, and a desire to continue to grow as a leader and team member.
About the Role
GitHub’s CSIRT provides accurate, relevant, insightful, and timely analysis in support of security operations, incident management, and enterprise risk. The scope of the work is global and ranges from investigations of local incidents that may affect one system or application to geopolitical risks that involve the entire company.
This work is accomplished, in part, through our cybersecurity, incident response, and crisis management protocols as well as the development of strategic partnerships with private and public sector entities.
- Develop and maintain subject matter expertise in a portfolio of threat profiles, activity, and trends that threaten GitHub, its customers, employees, and infrastructure from all available sources.
- Provide actionable information by producing concise analysis and warning products in written and presentation form for internal stakeholders.
- Provide security-related analytic support to GitHub teams at all levels.
- Work with members of the GitHub team to conduct risk assessments.
- Build strategic relationships with government and private sector entities to better identify and track threats to GitHub and our customers.
- Perform data analysis to support incident response, threat detection, and risk assessments.
- Be proficient in Open Source Intelligence (OSINT) methodologies.
- Monitor and report on risk to our leadership team and employees.
- Excellent written and verbal communication skills. Specifically, you should be able to lead readers or listeners through a chain of evidence at a technical level appropriate to the audience.
- Foundational knowledge of scripting languages (e.g. Python) and their applications for security analysis
- Strong knowledge of network security fundamentals and their relationship to threat actor tracking. You should be very familiar with TCP/IP and DNS, and you should be able to explain the basics of TLS, BGP, and modern identity and access management technologies.
- Foundational knowledge of Linux and MacOS command line tools.
- Knowledge of open source intelligence tools and methodologies.
- Ability to prioritize work in a fast-paced environment.
- Ability to handle sensitive and compartmented information through secure channels.
- Ability to work remotely and autonomously.
- Experience working for a distributed, global organization.
- Experience working with threat intelligence, threat detection, and incident response teams.
- Experience surfacing relevant data points from large swaths of data
- Experience with multiple query languages, e.g. SQL, Splunk, KQL.
- Knowledge of contemporary software development practices and tooling, such as git, GitHub, and software supply chain issues.
- An understanding of how threat actors abuse or attack large web platforms; account takeover, scams, malware distribution, and ransomware are helpful areas to understand.
(Colorado only*) Minimum salary of $104,400 to maximum $221,500 + bonus + equity + benefits.
· Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado.
Who We Are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.