<strong>About GitHub</strong><br><br>GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.<br> <br><strong>Locations</strong><br><br>In this role you can work from Remote, United States<br> <br><strong>Overview</strong><br><br><div><p><span xml:lang="EN-US" data-contrast="none">Do you love the opportunity to "Fix It, Build It, Understand It"? As a Staff Security Analyst under the Governance, Risk, Compliance and Customer Trust team within GitHub Security, you will build and execute strategy to meet compliance goals and build durable customer trust and engagement programs. You will serve as a "Human API," proactively analyzing highly complex issues to bridge the gap between business requirements and the technologists building solutions. This role is uniquely positioned to build relationships across Engineering, Infrastructure, and Legal to drive enterprise objectives and build trust in GitHub products.</span><span data-ccp-props="{" 335559738":240,"335559739":240}"=""> </span></p></div><div><p> </p><p><span xml:lang="EN-US" data-contrast="none">This position may require travel several times per year, but is minimal.</span></p></div> <br><strong>Responsibilities</strong><br><br><div><ul><li><span xml:lang="EN-US" data-contrast="none">Security Issues Analysis:</span><span xml:lang="EN-US" data-contrast="none"> Proactively analyzes highly complex issues using multiple data sources to identify security problems and defines strategies for balancing security and operational needs.</span> </li><li><span xml:lang="EN-US" data-contrast="none">Customer Engagement</span><span xml:lang="EN-US" data-contrast="none">: Drives customer engagement for complex, high-impact issues that materially affect customer experience and business outcomes. Leads cross-functional coordination to assess, prioritize, and resolve escalations, creates and scales repeatable tooling, guidance and best practices that reduce recurring challenges, and enables teams to proactively identify risks, improve issue resolution, and strengthen customer trust and adoption.</span> </li><li><span xml:lang="EN" data-contrast="none">Leadership & Review:</span><span xml:lang="EN" data-contrast="none"> Leads large-scale security, architectural, and design reviews for feature areas, ensuring best practices for security architecture, design, and development are in place.</span> </li><li><span xml:lang="EN-US" data-contrast="none">Expertise & Mentorship:</span><span xml:lang="EN-US" data-contrast="none"> Helps others by sharing expertise to identify potential security issues, tools, and mitigations (e.g., threat modeling) and mentors others on determining the most appropriate format for communicating highly technical information.</span> </li><li><span xml:lang="EN-US" data-contrast="none">Risk Management:</span><span xml:lang="EN-US" data-contrast="none"> Collaborates with leadership to resolve the most complex security issues and risks that require highly innovative solutions, identifying unique defects or threats in the product.</span><span data-ccp-props="{" 335559739":240}"=""> </span></li></ul></div> <br><strong>Qualifications</strong><br><br><div><p><strong><span xml:lang="EN" data-contrast="none">Required Qualifications:</span></strong></p><ul><li>10+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area<ul><li>OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area</li><li>OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area</li><li>OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area</li><li>OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area o OR equivalent experience.</li></ul></li><li><span xml:lang="EN-US" data-contrast="none">3+ years experience in a role with large enterprise, government, and/or highly regulated customer interactions, both asynchronous and synchronous.</span><span data-ccp-props="{" 335559737":-120,"335559739":0}"=""> </span></li></ul></div><div><p><strong><span xml:lang="EN" data-contrast="none">Preferred Qualifications</span><span data-ccp-props="{" 335559738":240,"335559739":240}"="">:</span></strong></p></div><div><ul style="list-style-type: disc;" role="list"><li role="listitem" aria-setsize="-1" data-leveltext="●" data-font="Symbol" data-listid="1" data-list-defn-props="{" 335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridmultilevel"}"="" data-aria-posinset="1" data-aria-level="1"><p><span xml:lang="EN" data-contrast="none">Regulatory Depth:</span><span xml:lang="EN" data-contrast="none"> Deep experience executing activities along the full audit life cycle (planning, execution, reporting, remediation) for FedRAMP Mod+ or equivalent frameworks.</span></p></li><li role="listitem" aria-setsize="-1" data-leveltext="●" data-font="Symbol" data-listid="1" data-list-defn-props="{" 335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridmultilevel"}"="" data-aria-posinset="1" data-aria-level="1"><p><span xml:lang="EN-US" data-contrast="none">BCDR Leadership:</span><span xml:lang="EN-US" data-contrast="none"> Proven track record designing and testing Business Continuity and Disaster Recovery programs for large-scale SaaS environments.</span></p></li><li role="listitem" aria-setsize="-1" data-leveltext="●" data-font="Symbol" data-listid="1" data-list-defn-props="{" 335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridmultilevel"}"="" data-aria-posinset="1" data-aria-level="1"><p><span xml:lang="EN-US" data-contrast="none">"Human API":</span><span xml:lang="EN-US" data-contrast="none"> Demonstrated ability to function as a bridge between business views and technical requirements, translating highly technical information to non-technical audiences.</span><span data-ccp-props="{" 335559739":0}"=""> </span></p></li><li role="listitem" aria-setsize="-1" data-leveltext="●" data-font="Symbol" data-listid="1" data-list-defn-props="{" 335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridmultilevel"}"="" data-aria-posinset="1" data-aria-level="1"><p><span xml:lang="EN-US" data-contrast="none">Very high comfort level working under ambiguous situations, with a natural drive to bring clarity and challenge assumptions.</span></p></li><li role="listitem" aria-setsize="-1" data-leveltext="●" data-font="Symbol" data-listid="1" data-list-defn-props="{" 335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridmultilevel"}"="" data-aria-posinset="1" data-aria-level="1"><p><span xml:lang="EN" data-contrast="none">1+ year(s) leading a security function or program (e.g., Security Development Lifecycle, Governance, Risk, & Compliance [GRC]).</span><span data-ccp-props="{" 335559739":240}"=""> </span></p></li></ul></div> <br><strong>Compensation Range</strong><br><br>The base salary range for this job is USD $140,400.00 - USD $372,300.00 /Yr.<br><br>These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.
<p><strong>GitHub values</strong></p>
<ul><li>Customer-obsessed</li>
<li>Ship to learn</li>
<li>Growth mindset</li>
<li>Own the outcome</li>
<li>Better together</li>
<li>Diverse and inclusive</li></ul>
<p><strong>Manager fundamentals</strong></p>
<ul><li>Model</li>
<li>Coach</li>
<li>Care</li></ul>
<p><strong>Leadership principles</strong></p>
<ul><li>Create clarity</li>
<li>Generate energy</li>
<li>Deliver success</li></ul>
<br><strong>Who We Are</strong><br><br>GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.<br>
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.<br>
Join us, and let’s change the world, together.<br> <br><strong>EEO Statement</strong><br><br>GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
