About GitHub
GitHub is the world's leading platform for agentic software development - powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.
Locations
In this role you can work from Remote, United States
Overview
Do you love the opportunity to "Fix It, Build It, Understand It"? As a Staff Security Analyst under the Governance & Trust team within GitHub Security, you will lead the strategy for our most critical compliance targets, including FedRAMP Moderate. You will serve as a "Human API," proactively analyzing highly complex issues to bridge the gap between business requirements and the technologists building solutions. This role is uniquely positioned to build relationships across Engineering, Infrastructure, and Legal to drive enterprise objectives and build trust in GitHub products.
This position may require travel several times per year, but travel is minimal.
Responsibilities
Security Issues Analysis: Proactively analyzes highly complex issues using multiple data sources to identify security problems and defines strategies for balancing security and operational needs.
FedRAMP & Public Sector Strategy: Leads compliance efforts for products targeting the highest levels of security assurance including FedRAMP Moderate. You will contribute to continuous monitoring strategies and "paved path" compliance solutions for GitHub's use of Azure.
Resilience & BCDR: Drives strategy across the organization to implement a Business Continuity and Disaster Recovery (BCDR) capability to ensure operational resilience in the face of complex risks.
Leadership & Review: Leads large-scale security, architectural, and design reviews for feature areas, ensuring best practices for security architecture, design, and development are in place.
Expertise & Mentorship: Helps others by sharing expertise to identify potential security issues, tools, and mitigations (e.g., threat modeling) and mentors others on determining the most appropriate format for communicating highly technical information.
Risk Management: Collaborates with leadership to resolve the most complex security issues and risks that require highly innovative solutions, identifying unique defects or threats in the product.
Qualifications
Required Qualifications
10+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, software engineering, or relevant area
OR equivalent experience.
Preferred Qualifications
Regulatory Depth: Deep experience executing activities along the full audit life cycle (planning, execution, reporting, remediation) for FedRAMP Mod+ or equivalent frameworks.
BCDR Leadership: Proven track record designing and testing Business Continuity and Disaster Recovery programs for large-scale SaaS environments.
"Human API": Demonstrated ability to function as a bridge between business views and technical requirements, translating highly technical information to non-technical audiences.
Ambiguity: Very high comfort level working under ambiguous situations, with a natural drive to bring clarity and challenge assumptions.
1+ year(s) leading a security function or program (e.g., Security Development Lifecycle, Governance, Risk, & Compliance [GRC]).
Compensation Range
The base salary range for this job is USD $140,400.00 - USD $372,300.00 /Yr.
These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, and abilities of the applicant. At GitHub, certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.
GitHub values
Customer-obsessed
Ship to learn
Growth mindset
Own the outcome
Better together
Diverse and inclusive
Manager fundamentals
Model
Coach
Care
Leadership principles
Create clarity
Generate energy
Deliver success
Who We Are
GitHub is the world's leading AI-powered developer platform with 150 million developers and counting. We're also home to the biggest open-source community on earth (and 99% of the world's software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We're remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are, because we know that people flourish when they can work on their own terms.
Join us, and let's change the world, together.
EEO Statement
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!