Staff Security Analyst (GRCC)

GitHub, Inc.
Remote

About The Position

As a Staff Security Analyst under the Governance, Risk, Compliance and Customer Trust team within GitHub Security, you will build and execute strategy to meet compliance goals and build durable customer trust and engagement programs. You will serve as a "Human API," proactively analyzing highly complex issues to bridge the gap between business requirements and the technologists building solutions. This role is uniquely positioned to build relationships across Engineering, Infrastructure, and Legal to drive enterprise objectives and build trust in GitHub products. This position may require travel several times per year, but travel is minimal.

Requirements

  • Experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area: 10+ years; OR Associate's Degree AND 9+ years; OR Bachelor's Degree AND 8+ years; OR Master's Degree AND 6+ years; OR Doctorate AND 4+ years; OR equivalent experience.
  • 3+ years experience in a role with large enterprise, government, and/or highly regulated customer interactions, both asynchronous and synchronous.

Nice To Haves

  • Deep experience executing activities along the full audit life cycle (planning, execution, reporting, remediation) for FedRAMP Mod+ or equivalent frameworks.
  • Proven track record designing and testing Business Continuity and Disaster Recovery programs for large-scale SaaS environments.
  • Demonstrated ability to function as a bridge between business views and technical requirements, translating highly technical information to non-technical audiences.
  • Very high comfort level working under ambiguous situations, with a natural drive to bring clarity and challenge assumptions.
  • 1+ year(s) leading a security function or program (e.g., Security Development Lifecycle, Governance, Risk, & Compliance [GRC]).

Responsibilities

  • Proactively analyzes highly complex issues using multiple data sources to identify security problems and defines strategies for balancing security and operational needs.
  • Drives customer engagement for complex, high-impact issues that materially affect customer experience and business outcomes. Leads cross-functional coordination to assess, prioritize, and resolve escalations, creates and scales repeatable tooling, guidance and best practices that reduce recurring challenges, and enables teams to proactively identify risks, improve issue resolution, and strengthen customer trust and adoption.
  • Leads large-scale security, architectural, and design reviews for feature areas, ensuring best practices for security architecture, design, and development are in place.
  • Helps others by sharing expertise to identify potential security issues, tools, and mitigations (e.g., threat modeling) and mentors others on determining the most appropriate format for communicating highly technical information.
  • Collaborates with leadership to resolve the most complex security issues and risks that require highly innovative solutions, identifying unique defects or threats in the product.

Benefits

  • annual bonus
  • stock
  • sales incentives
  • generous learning and growth opportunities
  • excellent benefits