Security Operations Engineer - Logging/Splunk

at GitHub

United States

GitHub is looking for engineers to join our Security Operations team. You will focus on building and managing the systems and tools that enable our engineers to securely operate and scale the world's largest code hosting platform. Your primary focus will be on our security event log pipeline, which is composed of syslog, Splunk, Kafka, and AWS services. Beyond that, some of the other infrastructure the team manages includes our Identity & Access Management systems, credential management services, vulnerability scanning tools, and network security devices.

The GitHub Security team is highly distributed and you must thrive in an environment of remote work and asynchronous communication. You're expected to have strong written communication skills and be able to develop working relationships with coworkers in locations around the globe. As a Security Operations Engineer at GitHub you'll always be challenged to solve interesting and novel problems that have real impact on how the world builds software.


  • Manage a reliable high-volume, high-availability Splunk deployment in support of various security and engineering use cases.
  • Partner with security, infrastructure, application engineering, and data analytics teams to ensure that the logging standard and pipeline, and the log analysis and enrichment infrastructure, are well positioned to meet required use cases.
  • Develop and maintain security infrastructure through reusable code and tooling.
  • Use metrics and monitoring systems to ensure performance, scalability, and stability.
  • Find ways to use existing systems to improve the security of our platform.
  • Interact with other teams outside of the Security department to ensure the confidentiality, integrity, and availability of our infrastructure and data.

Minimum Qualifications:

  • Significant experience building and managing large, clustered Splunk installations.
  • Strong foundation in information security.
  • You have a track record of building infrastructure automation.
  • Proficiency in designing and maintaining AWS infrastructure to support logging and security use cases.
  • Experience with high-volume, high-availability logging pipelines.
  • Experience with Kafka and AWS S3/Kinesis for log transport and storage.
  • Experience with APIs, webhooks, and other technologies used to integrate security technology, enrich log data, and automate security workflows.
  • Proficiency in high-level languages such as Ruby, Python, and Bash.
  • A deep understanding of the Linux operating system, at both a high- and low-level.
  • Familiarity with configuration management software such as Puppet, Chef, Ansible, or Salt.
  • A tenacious ability to diagnose and fix performance and reliability problems.
  • You use a pragmatic approach to decision making and design choices. 

Preferred Experience:

  • You've built highly available systems at scale.
  • Splunk Architect or Splunk Administrator certification.
  • Capacity planning for large, multi-tier web systems.
  • Contributions to open source.
  • Experience with Elasticsearch.
  • Experience with SQL and Presto/Athena.
  • Experience with Kubernetes and Docker.
  • Experience with Linux kernel internals (TCP/IP stack, developing modules).

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 24 million people use GitHub to build amazing things together across 67 million repositories. With the collaborative features of and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together. 
Empathy: We believe in putting people first. 
Quality: We believe in setting the standard for excellence. 
Positive Impact: We believe in making the world a better place through our work. 
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!