SIRT Detection Engineering Lead United States

Company: GitHub

GitHub is changing the way the world builds software, and we want you to help change the way we secure GitHub. We are looking for an experienced Detection Engineering Lead to join our remote SIRT focused on detecting and responding to security threats against GitHubbers, GitHub users, and abuse of GitHub infrastructure.

Interested in leading efforts related to threat hunting, MITRE ATT&CK, building and tuning detection logic, alert enrichment, or response automation?

As a Detection Engineering Lead, you will, alongside peers within GitHub Security as well as GitHub's Engineering, Legal, and Support teams, lead efforts to design and build a comprehensive threat detection program. This includes work to improve telemetry, build and tune alerting and enrichment tools, and then use those tools for intrusion detection, incident response, and hunting. A successful applicant will have a desire to provide technical leadership for detecting and hunting a variety of adversaries in diverse environments at scale.

  • Provide day-to-day technical and process leadership for engineers designing and building a comprehensive, structured threat detection program.
  • Identify active threats to GitHub system environments, including corporate networks, third-party services, and individual user endpoints.
  • Lead work with stakeholders throughout security and engineering to develop and improve threat detection logic, enhance response capabilities, and deploy new tools.
  • Lead structured hunting for novel or anomalous activity indicative of bad actor tactics, techniques, and procedures (TTPs).
  • Lead alert enrichment and detection response automation efforts.
  • Create and maintain relevant team documentation and standards.

Minimum Qualifications:

  • 5+ years experience or demonstrable proficiency in threat detection or threat intelligence.
  • Proven experience providing technical leadership to a team of security analysts or engineers.
  • General experience in the following disciplines with deep experience in one or more:
    • Log analysis: Large-scale analysis of standard and custom log types using client- and server-side log analysis tools such as Splunk, ELK, and lnav.
    • Host analysis: Familiarity with file system, memory, or live response on macOS and/or Linux.
    • Network traffic analysis: Analyze network telemetry from intrusion detection systems and flow monitoring systems.
    • Detection development: Host- and network-level detection with tools such as osquery, YARA, auditd, etc.
    • Threat intelligence: Collection, analysis, production, or consumption of threat data and finished intelligence.
  • Experience using or securing Linux day-to-day in a production environment.
  • Basic scripting experience with Ruby, Python, Bash, or PowerShell.
  • Exceptional documentation and written communication skills.

Preferred Experience:

  • Experience fighting attack and abuse activity at large scale.
  • Software engineering experience with Python, Ruby, Go, JavaScript, or other OOP languages.
  • Understanding of common identity verification and authentication methods and the limitations of such methods.
  • Malware triage analysis: Identify and verify malicious content such as exploits and malware and make response determinations.
  • DevOps or security automation experience.
  • Experience working with git and GitHub.
  • Experience working with distributed teams.

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 27 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Where We Can Hire

Please note that benefits vary by country, if you have any questions, please don't hesitate to ask your Talent Partner.