Listing Description
As a Senior Incident Responder, you will work alongside other members of the GitHub Security, Engineering, Legal, PR, and Support teams to coordinate incident response across the corporate and platform environments. You will investigate malicious or anomalous activity, coordinate technical response and incident communications, and work to turn security incidents into opportunities to better secure GitHub and the internet at large through comprehensive incident retrospectives. A successful applicant will have a desire to coordinate diverse incident response teams consisting of technical and non-technical personnel and partner closely with cross-functional business units.
Responsibilities
Coordinate incident response activities across a complex and varied environment.
Develop and execute mitigation and remediation plans to restore the confidentiality and integrity of compromised resources.
Work with stakeholders throughout security and engineering to develop and improve threat detection logic, enhance response capabilities, and deploy new tools.
Create and maintain relevant team documentation and standards.
Participate in relevant Audit and Compliance activities.
Required Skills & Experience
5+ years or demonstrable proficiency at Incident Response or Intrusion Detection.
General experience in the following disciplines with deep experience in one or more:
Log analysis: Large scale analysis of standard and custom log types using client and server side log analysis tools such as Splunk, ELK, and lnav.
Familiarity with file system, memory, or live response forensics on macOS and/or Linux.
Network traffic analysis: Analyze network telemetry from intrusion detection systems and flow monitoring systems.
Detection development: Host and network level detection with tools such as osquery, yara, auditd, etc.
Experience collaborating with multiple groups such as internal business units, external incident response teams, and law enforcement throughout the entire incident lifecycle.
Experience using Linux day-to-day in a production environment.
Basic scripting experience with Ruby, Python, Bash, or PowerShell.
Exceptional documentation and written communication skills.
Preferred Skills & Experience
Experience fighting attack and abuse activity at large scale.
Software engineering experience with Python, Ruby, Golang, JavaScript, or other OOP languages.
Understanding of common identity verification and authentication methods and the limitations of such methods.
Malware triage analysis: Identify and verify malicious content such as exploits and malware and make response determinations.
DevOps or security automation experience.
Experience working with git and GitHub.
Experience working with distributed teams.
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute