GitHub Security - Director, Security Operations

GitHub Security - Director, Security Operations

GitHub is improving the way the world builds software and we are looking for an experienced technical director to help us continually improve the way we build and secure GitHub.

As the Director of our Security Operations group, you will lead and grow diverse, distributed engineering teams. This role is accountable for maturing and managing multiple information security focused programs and services at GitHub.

You will be directing teams and the programs and services they operate including Identity & Access Management, Attack Surface & Vulnerability Management, security system telemetry engineering, and the engineering and administration of services that are core to the Security department’s mission to help protect the world’s code.

The Security Operations group’s impact is far reaching. As part of the Security department, within the Engineering division, you will collaborate with and provide services to teams and individuals across all business units from Product Engineering and Infrastructure to Sales, IT, and HR.

If you have a proven foundation in information security, enjoy the challenges of program development and operations, and want to lead and grow a team tasked with solving complex security and compliance problems for the world's largest software development platform, we want to hear from you!


  • You are experienced people leader, you hire, coach, and grow a diverse set of managers and engineers with differing perspectives, ideas, nd experiences.

  • You promote a culture of distributed leadership, ownership and consistently empower your team.

  • You work cross-functionally to develop and improve security programs that provide services to help the business meet its objectives securely.

  • You manage your portfolio of programs and services via published Service Level Objectives (SLOs), Key Performance Indicators (KPIs), Capability Maturity Model (or comparable) assessments, and audited security compliance and risk management objectives.

  • You continually improve the maturity of programs through quarterly and annual Objective & Key Results (OKR) planning cycles.

  • You lead roadmap development and workforce planning, and manage your group’s budgets, vendors, and consultants.

  • You establish and communicate strategic vision and execute that strategy.

  • You influence technical architecture and set security standards for both the platform and our corporate systems.

  • You bring a highly risk averse mindset to your work and seek to balance that against business constraints and competing priorities & objectives.

  • You communicate clearly and in a compelling manner, from C-level to individual contributor, to champion sound and sustainable security practices throughout the entire company.

Minimum qualifications:

  • A minimum of 5 years of experience managing both managers and individual contributors in a high growth security operations or engineering group.

  • A minimum of 10 years of technical experience with several years being hands-on in security engineering and operations role at the application, system, and/or network layers.

  • Real-world experience managing teams that ship and operate critical security infrastructure in a large-scale SaaS platform.

  • Experience with software development and systems engineering life cycles including design, development, testing, and release, and maintenance.

  • Prior software development experience with Go, Ruby, bash, python, or similar languages.

  • Experience working as a remote employee, managing distributed teams, and working asynchronously.

  • Both technical project and program management experience with a proven ability to meet timelines, objectives and key results.

  • Exceptional written and verbal communication skills with a strong sense of empathy and the ability to successfully advocate for your team.

  • Experience using, and comfort using core features such as Issues and Pull Requests.

Preferred Qualifications:

  • Have contributed to open source security projects and/or security community initiatives.

  • Have developed simple tools and integrations that interact with the GitHub API.

  • Have used Git as a developer.