Sr. Incident Responder (CSIRT)

Github (View all Jobs)

Remote - US

Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄

Interview Process

1. Take-home exercise 2. Code review and technical discussions.


$104,400- $221,500

Programming Languages Mentioned

Python, Ruby

GitHub is changing the way the world builds software, and we want you to help change the way we secure GitHub. We are looking for an experienced Senior Incident Responder to join our remotely distributed incident response team focused on detecting and responding to security threats against GitHubbers, GitHub users, and abuse of GitHub infrastructure.

Interested in investigating mysteries, uncovering and organizing response to malicious activity, tracking bad actors, writing detailed after-action assessments, and coordinating incident response across GitHub, Microsoft, and the broader tech industry?

As a Senior Incident Responder, you will work alongside other members of the GitHub Security, Engineering, Legal, Public Relations, and Support teams to participate in incident response across GitHub's corporate and infrastructure environments. You will investigate malicious or anomalous activity, coordinate technical response and incident communications, and work to turn security incidents into opportunities to better secure GitHub and the internet at large through comprehensive incident retrospectives. A successful applicant will have a desire to participate in diverse incident response teams consisting of technical and non-technical personnel and partner closely with cross-functional business units.

Your responsibilities will include:

  • Coordinating incident response activities across complex and varied environments
  • Developing and executing mitigation and remediation plans to restore the confidentiality and integrity of compromised resources
  • Closely partnering with existing business and engineering teams to evaluate complex security issues and drive long-term risk reduction through incident remediation
  • Drafting comprehensive post-incident assessments to foster continuous improvement in security and business processes and capabilities
  • Creating and maintaining relevant team documentation and standards
  • Maturing incident response process, metrics, and visibility

The minimum qualifications are:

  • 3-6 years or demonstrable proficiency in incident response, security analysis, or investigation.
  • General experience in the following disciplines with deep experience in one or more:
    • Large scale log analysis of standard and custom log types using client and server side log analysis tools such as Splunk, ELK, and Kusto.
    • Responding to abuse or exploitation of vulnerabilities against web platforms.
    • Customer communications.
    • Familiarity with or eagerness to learn about threat detection.
  • Experience collaborating with multiple groups such as internal business or engineering units, external incident response teams, and law enforcement throughout the entire incident lifecycle
  • Experience working with and/or briefing teams, leadership, legal and privacy counsel, and public relations professionals during security incidents.
  • Demonstrable verbal and written communication skills.

Bonus points if you have:

  • Experience investigating attack and abuse activity at large scale.
  • Experience using or securing Linux day-to-day in a production environment.
  • Basic scripting experience with Ruby, Python, Bash, or Powershell.
  • Experience working with git and GitHub.
  • Experience working with distributed teams.

(Colorado only*) Minimum salary of $104,400 to maximum $221,500+ bonus + equity + benefits.
· Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado. 

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here:

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.


Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄

Get weekly alerts of new jobs from companies not using whiteboard interviews!