Senior Detection Engineer

at GitHub

Remote - US

GitHub is changing the way the world builds software, and we want you to help change the way we secure GitHub. We are looking for an experienced detection engineer and senior incident responder to join our remote SIRT focused on detecting and responding to security threats against GitHubbers, GitHub users, and abuse of GitHub infrastructure.

As a Senior Detection Engineer, you will work alongside peers within GitHub Security as well as GitHub's Engineering, Legal, and Support teams to design and build a comprehensive detection program. This includes work to improve telemetry, build and tune alerting and enrichment tools, and then use those tools for intrusion detection, incident response, and hunting. A successful applicant will have a desire to detect and hunt a variety of adversaries in diverse environments at scale.

Responsibilities:

  • Play a pivotal role in designing and building a comprehensive threat detection program.
  • Identify active threats to GitHub system environments including GitHub.com, corporate networks, third party services, and individual user endpoints.
  • Work with stakeholders throughout security and engineering to develop and improve threat detection logic, enhance response capabilities, and deploy new tools.
  • Create and maintain relevant team documentation and standards.
  • Participate in relevant Audit and Compliance activities.

Required Skills & Experience:

  • 5+ years or demonstrable proficiency at Incident Response or Intrusion Detection.
  • General experience in the following disciplines with deep experience in one or more:
      • Log analysis: Large scale analysis of standard and custom log types using client and server side log analysis tools such as Splunk, ELK, and lnav.
      • Familiarity with file system, memory, or live response on macOS and/or Linux.
      • Network traffic analysis: Analyze network telemetry from intrusion detection systems and flow monitoring systems.
      • Detection development: Host and network level detection with tools such as osquery, YARA, auditd, etc.
  • Experience collaborating with multiple groups such as internal business units, external incident response teams, and law enforcement throughout the entire incident lifecycle.
  • Experience using Linux day-to-day in a production environment.
  • Basic scripting experience with Ruby, Python, Bash, or PowerShell.
  • Exceptional documentation and written communication skills.

Preferred Skills & Experience:

  • Experience fighting attack and abuse activity at large scale.
  • Experience using Linux day-to-day in a production environment.
  • Software engineering experience with Python, Ruby, Golang, JavaScript, or other OOP languages.
  • Understanding of common identity verification and authentication methods and the limitations of such methods.
  • Malware triage analysis: Identify and verify malicious content such as exploits and malware and make response determinations.
  • DevOps or security automation experience.
  • Experience working with git and GitHub.
  • Experience working with distributed teams.

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 28 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of GitHub.com and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together. 
Empathy: We believe in putting people first. 
Quality: We believe in setting the standard for excellence. 
Positive Impact: We believe in making the world a better place through our work. 
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!