## About Git

Hub

GitHub is the world’s leading platform for agentic software development — powered by Copilot to build, scale, and deliver secure software. Over 180 million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate, and more than 77,000 organisations have adopted GitHub Copilot.

Locations

In this role you can work from Remote, United States

Overview

Staff Threat Intelligence Analyst – Threat Intelligence Team

GitHub is changing the way the world builds secure software and we want you to help change the way we secure GitHub. GitHub’s Threat Intelligence team investigates sophisticated threat activity targeting GitHub and our users. We're looking for an experienced threat intelligence analyst to help protect GitHub from advanced cyber threats.

In this role you will use data from a variety of open, closed, and internal sources to gain insight into adversary activity and drive intelligence-informed security countermeasures across GitHub. This role will focus on researching and operationalizing high-quality threat intelligence, and building new threat actor tracking and detection capabilities. You'll also provide a vital, threat-informed perspective to many Security-wide and anti-abuse initiatives including threat hunting and detection workflows, Red Team operations, and engineering efforts.

This is an opportunity to join a high impact, strongly collaborative team that helps drive secure outcomes for the Open Source Software community and beyond. If you have deep experience conducting technical threat intelligence investigations and are comfortable leading strategic projects to solve complex security problems, we want to hear from you!

Responsibilities

• Develop and maintain subject matter expertise in a portfolio of threats to GitHub, our customers, employees, infrastructure and the wider OSS community
• Conduct technical investigations into complex threat actor activity targeting GitHub and its users
• Identify and disrupt platform abuse by advanced threat actors
• Lead cross-org strategic projects to better understand and track threats to GitHub and our customers
• Design, develop, and maintain tools and queries to assist in investigations
• Provide relevant and concise analysis for stakeholders, including teams within Security, Engineering, and executive leadership
• Coordinate disruption efforts against sophisticated misuse of the GitHub platform by advanced threat actors

Qualifications

• 10+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area
• OR equivalent experience
• 5+ years of technical threat intelligence analysis and investigations experience with a focus on tracking and disrupting advanced persistent adversaries.
• 3+ years conducting threat investigations in high-traffic environments (e.g., large web platforms); demonstrated knowledge of attacker infrastructure, attack vector, and tooling trends, plus strong evidence capture and documentation practices.
• 2+ years of experience building tools and automations in collaborative codebases using Python and/or other programming languages.

Preferred Qualifications:

• Knowledge of Linux and MacOS systems, git, and GitHub.
• Proficiency with Azure, KQL, Terraform, and Airflow.
• Experience leveraging AI workflows, where appropriate, to drive improved security outcomes.
• An existing network of threat intelligence contacts and a high degree of comfort managing information sharing relationships.
• Proven track record of collaborating with Security Operations and Engineering teams for host and network based investigation and detections.

Compensation Range

The base salary range for this job is USD $140,400.00 - USD $372,300.00 /Yr.

These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.

GitHub values

• Customer-obsessed

• Ship to learn

• Growth mindset

• Own the outcome

• Better together

• Diverse and inclusive

Manager fundamentals

• Model

• Coach

• Care

Leadership principles

• Create clarity

• Generate energy

• Deliver success

Who We Are

GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.

Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms.

Join us, and let’s change the world, together.

EEO Statement

• GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

• Develop and maintain subject matter expertise in a portfolio of threats to GitHub, our customers, employees, infrastructure and the wider OSS community

• Conduct technical investigations into complex threat actor activity targeting GitHub and its users

• Identify and disrupt platform abuse by advanced threat actors

• Lead cross-org strategic projects to better understand and track threats to GitHub and our customers

• Design, develop, and maintain tools and queries to assist in investigations

• Provide relevant and concise analysis for stakeholders, including teams within Security, Engineering, and executive leadership

• Coordinate disruption efforts against sophisticated misuse of the GitHub platform by advanced threat actors

• 10+ years experience in security analysis, security research, cyber security, security engineering, or relevant area OR Associate's Degree AND 9+ years experience in security analysis, security research, cyber security, security engineering, or relevant area

• OR Bachelor's Degree AND 8+ years experience in security analysis, security research, cyber security, security engineering, or relevant area

• OR Master's Degree AND 6+ years experience in security analysis, security research, cyber security, security engineering, or relevant area

• OR Doctorate AND 4+ years experience in security analysis, security research, cyber security, security engineering, or relevant area

• OR equivalent experience

• 5+ years of technical threat intelligence analysis and investigations experience with a focus on tracking and disrupting advanced persistent adversaries.

• 3+ years conducting threat investigations in high-traffic environments (e.g., large web platforms); demonstrated knowledge of attacker infrastructure, attack vector, and tooling trends, plus strong evidence capture and documentation practices.

• 2+ years of experience building tools and automations in collaborative codebases using Python and/or other programming languages.

Preferred Qualifications:

• Knowledge of Linux and MacOS systems, git, and GitHub.
• Proficiency with Azure, KQL, Terraform, and Airflow.
• Experience leveraging AI workflows, where appropriate, to drive improved security outcomes.
• An existing network of threat intelligence contacts and a high degree of comfort managing information sharing relationships.
• Proven track record of collaborating with Security Operations and Engineering teams for host and network based investigation and detections.