Staff Security Analyst (GRCC)

Staff Security Analyst

GitHub is the world's leading AI-powered developer platform with 150 million developers and counting. We're also home to the biggest open-source community on earth (and 99% of the world's software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub. Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We're remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms. Join us, and let's change the world, together.

In this role you can work from Remote, United States.

Responsibilities

• Security Issues Analysis: Proactively analyzes highly complex issues using multiple data sources to identify security problems and defines strategies for balancing security and operational needs.
• Customer Engagement: Drives customer engagement for complex, high-impact issues that materially affect customer experience and business outcomes. Leads cross-functional coordination to assess, prioritize, and resolve escalations, creates and scales repeatable tooling, guidance and best practices that reduce recurring challenges, and enables teams to proactively identify risks, improve issue resolution, and strengthen customer trust and adoption.
• Leadership & Review: Leads large-scale security, architectural, and design reviews for feature areas, ensuring best practices for security architecture, design, and development are in place.
• Expertise & Mentorship: Helps others by sharing expertise to identify potential security issues, tools, and mitigations (e.g., threat modeling) and mentors others on determining the most appropriate format for communicating highly technical information.
• Risk Management: Collaborates with leadership to resolve the most complex security issues and risks that require highly innovative solutions, identifying unique defects or threats in the product.

Qualifications

Required Qualifications:

• 10+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area OR equivalent experience.
• 3+ years experience in a role with large enterprise, government, and/or highly regulated customer interactions, both asynchronous and synchronous.

Preferred Qualifications:

• Regulatory Depth: Deep experience executing activities along the full audit life cycle (planning, execution, reporting, remediation) for FedRAMP Mod+ or equivalent frameworks.
• BCDR Leadership: Proven track record designing and testing Business Continuity and Disaster Recovery programs for large-scale SaaS environments.
• "Human API": Demonstrated ability to function as a bridge between business views and technical requirements, translating highly technical information to non-technical audiences.
• Very high comfort level working under ambiguous situations, with a natural drive to bring clarity and challenge assumptions.
• 1+ year(s) leading a security function or program (e.g., Security Development Lifecycle, Governance, Risk, & Compliance [GRC]).

The base salary range for this job is USD $140,400.00 - USD $372,300.00 /Yr. These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.

GitHub values:

• Customer-obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive

Manager fundamentals:

• Model
• Coach
• Care

Leadership principles:

• Create clarity
• Generate energy
• Deliver success