Staff Security Analyst (GRCC)

Do you love the opportunity to "Fix It, Build It, Understand It"? As a Staff Security Analyst under the Governance, Risk, Compliance and Customer Trust team within GitHub Security, you will build and execute strategy to meet compliance goals and build durable customer trust and engagement programs. You will serve as a "Human API," proactively analyzing highly complex issues to bridge the gap between business requirements and the technologists building solutions. This role is uniquely positioned to build relationships across Engineering, Infrastructure, and Legal to drive enterprise objectives and build trust in GitHub products. 

This position may require travel several times per year, but is minimal.

• Security Issues Analysis: Proactively analyzes highly complex issues using multiple data sources to identify security problems and defines strategies for balancing security and operational needs.
• Customer Engagement: Drives customer engagement for complex, high-impact issues that materially affect customer experience and business outcomes. Leads cross-functional coordination to assess, prioritize, and resolve escalations, creates and scales repeatable tooling, guidance and best practices that reduce recurring challenges, and enables teams to proactively identify risks, improve issue resolution, and strengthen customer trust and adoption.
• Leadership & Review: Leads large-scale security, architectural, and design reviews for feature areas, ensuring best practices for security architecture, design, and development are in place.
• Expertise & Mentorship: Helps others by sharing expertise to identify potential security issues, tools, and mitigations (e.g., threat modeling) and mentors others on determining the most appropriate format for communicating highly technical information.
• Risk Management: Collaborates with leadership to resolve the most complex security issues and risks that require highly innovative solutions, identifying unique defects or threats in the product. 

Required Qualifications:

• 10+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
  • OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
  • OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
  • OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
  • OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area o OR equivalent experience.
• 3+ years experience in a role with large enterprise, government, and/or highly regulated customer interactions, both asynchronous and synchronous. 

Preferred Qualifications:

• Regulatory Depth: Deep experience executing activities along the full audit life cycle (planning, execution, reporting, remediation) for FedRAMP Mod+ or equivalent frameworks.

• BCDR Leadership: Proven track record designing and testing Business Continuity and Disaster Recovery programs for large-scale SaaS environments.

• "Human API": Demonstrated ability to function as a bridge between business views and technical requirements, translating highly technical information to non-technical audiences. 

• Very high comfort level working under ambiguous situations, with a natural drive to bring clarity and challenge assumptions.

• 1+ year(s) leading a security function or program (e.g., Security Development Lifecycle, Governance, Risk, & Compliance [GRC]).