Director, Security Operations (Threat Hunting, Operations, and Incident Response)
Remote - US
GitHub
GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows,...
GitHub Security Operations is hiring a Director to lead the Threat Hunting, Operations, and Incident Response teams. In this role, you will foster an environment of excellence and mentorship to lead the detection and response to threat activity, spammy content, malware, and account takeover attacks on our infrastructure and users. The leadership you bring will influence the security of the systems and infrastructure across GitHub’s production and corporate environments, identity & access management systems, and core security services for vulnerability management and security monitoring.
GitHub's many features give it a broad attack surface that makes it a popular target for malicious hackers, spammers, and fraudsters. Hackers know that we protect the key intellectual property of a massive number of companies and people. Spammers love the many vectors for delivering rich content through the platform: from creating spam on Gists, issue comments, and user profiles to even opening Pull Requests to add "ads" to repositories. Fraudsters seek to profit by abusing GitHub and third-party integrators for monetary gain. This large and varied attack surface gives GitHub a somewhat unique set of problems to solve.
The Threat Hunting, Operations, and Response teams are self-driven and autonomous while being highly collaborative. These are talented teams that value learning, work-life balance, and tackling interesting challenges - something in no short supply given our adversarial, evolving problem space. The teams’ strength lies in the culture of high trust and empathy in which we operate, and in the genuine joy we take in the work we do and the people we work with.
You will report directly to the Vice President of Security Operations.
Job Responsibilities
- Cultivating an environment where team members are empowered and have a strong sense of ownership for their work.
- Serving as a great people leader for the team, meeting with members 1-1 on a regular basis, providing performance feedback, and helping individuals plan and execute on their career development objectives.
- Guiding the team's vision, helping build roadmaps, ensuring projects get staffed effectively, and setting priorities that align with both the team and the company's goals.
- Serving as the hiring manager for the team to bring in new engineers who not only complement the existing team's skills, but who also have new perspectives, ideas, and experiences.
- Establishing and maintaining intra-department, cross-department, and management level communications.
- Being passionate about creating and fostering good security practices and processes throughout the company.
- Leading small group discussions about security issues with both technical and non-technical audiences, while making sure discussion highlights are captured in written form to benefit those not present.
- Innovating around measurement and metrics.
What We Value In Security Operations
- Collaboration: We believe the best work is done together.
- Empathy: We believe in putting people first.
- Quality: We believe in setting the standard for excellence.
- Positive Impact: We believe in making the world a better place through our work.
- Shipping: We believe in creating things for the people using them.
Required Qualifications
Management experience:
- Significant time spent in organizational and technical leadership roles.
- 10+ years experience leading cybersecurity, security engineering, and/or threat intelligence programs.
- 5+ years experience managing individual contributors to include experience managing other managers.
- Experience working as a remote employee, and managing distributed teams.
- Experience leading or operating within the entire security incident response lifecycle, to include threat intelligence analysis and production, threat detection tactics and techniques, threat hunting, and incident response and remediation practices.
- Exceptional communication skills, both written and oral.
- Proven technical program management experience guiding strategic and tactical technical decision making and execution.
- Experience supporting governance and regulatory requirements.
Technical Experience
- Pragmatic and collaborative approach to decision making and system design.
- Demonstrated experience with core DFIR including system forensics, memory forensics, network analysis, malware analysis, cyber threat intelligence, or log analysis.
- Experience with fighting Spam/Malware and building Account Takeover systems at scale.
- Experience with content analysis, pattern recognition, or applied statistics.
- Practical experience with common security infrastructure such as log/SIEM analysis systems, firewalls, identity and access management, vulnerability management, etc.
- Tenacious tinkering, spelunking and curiosity capacity.
Desired Skills and Experience:
- Active contributor to open source security projects and/or security community initiatives, such as cyber risk framework development contributions.
- Exposure to cyber threat information sharing networks and programs.
- Exposure to different software development life-cycles.
- Working knowledge of Git and GitHub.
- Demonstrated software development experience with Go, Ruby and Rails, Bash, Python, or other languages.
- Time spent securing and/or defending large-scale web/cloud applications and infrastructure.
- Building or managing creation of data pipelines.
- Builder of classifiers (rule-based and machine learned) to detect illegitimate content and behavior.
- Experience with Machine Learning.
- Expertise in data analytics.
Minimum salary of $168,700 to maximum $265,100.
At GitHub certain roles are eligible for additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role.
Location: In this role, you can work remotely from anywhere in the United States or onsite in one of GitHub’s U.S. offices (San Francisco, Bellevue, Raleigh).
Who We Are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Leadership Principles:
Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.