
Staff Threat Intel Analyst

Work from home Full-time role Hiring

About the position

Staff Threat Intelligence Analyst – Threat Intelligence Team

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Threat Intelligence team investigates sophisticated threat activity targeting GitHub and our users. We're looking for an experienced threat intelligence analyst to help protect GitHub from advanced cyber threats.

In this role you will use data from a variety of open, closed, and internal sources to gain insight into adversary activity and drive intelligence-informed security countermeasures across GitHub. This role will focus on researching and operationalizing high-quality threat intelligence, and building new threat actor tracking and detection capabilities. You'll also provide a vital, threat-informed perspective to many Security-wide and anti-abuse initiatives including threat hunting and detection workflows, Red Team operations, and engineering efforts.

This is an opportunity to join a high impact, strongly collaborative team that helps drive secure outcomes for the Open Source Software community and beyond. If you have deep experience conducting technical threat intelligence investigations and are comfortable leading strategic projects to solve complex security problems, we want to hear from you!

Responsibilities

  • Develop and maintain subject matter expertise in a portfolio of threats to GitHub, our customers, employees, infrastructure and the wider OSS community
  • Conduct technical investigations into complex threat actor activity targeting GitHub and its users
  • Identify and disrupt platform abuse by advanced threat actors
  • Lead cross-org strategic projects to better understand and track threats to GitHub and our customers
  • Design, develop, and maintain tools and queries to assist in investigations
  • Provide relevant and concise analysis for stakeholders, including teams within Security, Engineering, and executive leadership
  • Coordinate disruption efforts against sophisticated misuse of the GitHub platform by advanced threat actors

Requirements

  • 10+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
  • OR equivalent experience
  • 5+ years of technical threat intelligence analysis and investigations experience with a focus on tracking and disrupting advanced persistent adversaries.
  • 2+ years of experience building tools and automations in collaborative codebases using Python and/or other programming languages.
  • 3+ years conducting threat investigations in high-traffic environments (e.g., large web platforms); demonstrated knowledge of attacker infrastructure, attack vector, and tooling trends, plus strong evidence capture and documentation practices.

Nice-to-haves

  • Knowledge of Linux and MacOS systems, git, and GitHub.
  • Proficiency with Azure, KQL, Terraform, and Airflow.
  • Experience leveraging AI workflows, where appropriate, to drive improved security outcomes.
  • An existing network of threat intelligence contacts and a high degree of comfort managing information sharing relationships.
  • Proven track record of collaborating with Security Operations and Engineering teams for host and network based investigation and detections.
