Security Analyst - GitHub Security Lab
Remote - US / Canada
GitHub
GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows,...GitHub is seeking a security analyst to join its Security Lab. The qualified candidate will contribute to the curation of the GitHub Advisory Database as well as the operation of the GitHub CVE program. You will help us grow the breadth and depth of our Advisory Database, and you will help us analyze vulnerability reports for the purposes of assigning and publishing CVEs. In addition to your curation responsibilities you will also have the opportunity to grow into a security research role with the Security Lab research team.
Meet the team:
The mission of the GitHub Security Lab is to inspire and enable the community to secure the open source software we depend on. We create a home for security researchers where they can collaborate and share, with the common goal of securing open source software.
The GitHub Advisory Database is a core part of the Security Lab’s mission. The GitHub Advisory Database is unique in that it is currently the only freely licensed dataset focused on general open source vulnerabilities. The role of a Security Analyst is to manage the Advisory Database, what sources data is ingested from into the Database, and which standards are followed for the advisories in the ingested datasets.
The GitHub CVE program complements the GitHub Advisory Database. It allows open source maintainers to easily publish advisories and to associate them with CVEs, which are the industry standard for vulnerability identifiers. The successful candidate will learn and enforce the CVE rules and apply them to GitHub Security Advisories. In this role a fair amount of technical writing is required.
Qualifications:
- Previous experience and exposure to open source software
- Familiarity with one or more major open source ecosystems such as npm, python, java, etc.
- Strong interest in open source security
- Strong understanding of common software vulnerabilities (OWASP Top 10 for example) and knowledge of secure code principles
- Strong written and verbal communication skills in English and strong technical writing skills
- Previous experience in the software security domain is a big plus, though other relevant experience will be considered as well
- Ability to work in a team, empathy for others when they need help, accountability when they rely on you
What You’ll Do:
- Add advisories to GitHub Advisory Database using our curation tooling
- Review CVE requests to ensure they conform to the CVE systems rules, assign CVE IDs and ultimately publish CVEs to MITRE
- Write/edit advisory descriptions
- Find ways to grow the breadth, depth, and influence of GitHub AdvisoryDB, including:
- Finding new sources of advisories
- Extending the amount and type of data that is curated
- Working with stakeholders, both internal and external, to help them make the best use of the dataset
- Writing blog posts, giving talks, and other kinds of public outreach.
- Collaborate with security researchers and influence their research with data you are collecting
- Work as part of a team.
Who We Are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Leadership Principles:
Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.
#LI-POST
Tags: GitHub IDS Java Open Source OWASP Python Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open IPS-related jobs