Staff Threat Intel Analyst

GitHub, Inc.

5h•Remote

About The Position

Staff Threat Intelligence Analyst – Threat Intelligence Team GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Threat Intelligence team investigates sophisticated threat activity targeting GitHub and our users. We're looking for an experienced threat intelligence analyst to help protect GitHub from advanced cyber threats. In this role you will use data from a variety of open, closed, and internal sources to gain insight into adversary activity and drive intelligence-informed security countermeasures across GitHub. This role will focus on researching and operationalizing high-quality threat intelligence, and building new threat actor tracking and detection capabilities. You'll also provide a vital, threat-informed perspective to many Security-wide and anti-abuse initiatives including threat hunting and detection workflows, Red Team operations, and engineering efforts. This is an opportunity to join a high impact, strongly collaborative team that helps drive secure outcomes for the Open Source Software community and beyond. If you have deep experience conducting technical threat intelligence investigations and are comfortable leading strategic projects to solve complex security problems, we want to hear from you!

Requirements

10+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
OR equivalent experience
5+ years of technical threat intelligence analysis and investigations experience with a focus on tracking and disrupting advanced persistent adversaries.
2+ years of experience building tools and automations in collaborative codebases using Python and/or other programming languages.
3+ years conducting threat investigations in high-traffic environments (e.g., large web platforms); demonstrated knowledge of attacker infrastructure, attack vector, and tooling trends, plus strong evidence capture and documentation practices?

Nice To Haves

Knowledge of Linux and MacOS systems, git, and GitHub.
Proficiency with Azure, KQL, Terraform, and Airflow.
Experience leveraging AI workflows, where appropriate, to drive improved security outcomes.
An existing network of threat intelligence contacts and a high degree of comfort managing information sharing relationships.
Proven track record of collaborating with Security Operations and Engineering teams for host and network based investigation and detections.

Responsibilities

Develop and maintain subject matter expertise in a portfolio of threats to GitHub, our customers, employees, infrastructure and the wider OSS community
Conduct technical investigations into complex threat actor activity targeting GitHub and its users
Identify and disrupt platform abuse by advanced threat actors
Lead cross-org strategic projects to better understand and track threats to GitHub and our customers
Design, develop, and maintain tools and queries to assist in investigations
Provide relevant and concise analysis for stakeholders, including teams within Security, Engineering, and executive leadership
Coordinate disruption efforts against sophisticated misuse of the GitHub platform by advanced threat actors

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume