What are the responsibilities and job description for the Senior Manager, Product Security Engineering position at GitHub?
GitHub is changing how the world builds secure software and we want you to help change the way we secure GitHub. We’re looking for a Senior Engineering Manager to lead a team within our Product Security Engineering organization that is focused on how we proactively partner with engineering teams to prevent and identify application security vulnerabilities in our products. If you have a strong foundation in application security, an interest in securing impactful products with a broad community, enjoy supporting teams across all experience levels, and are excited by the opportunity to build and manage a world-class security team, then this might be the opportunity for you.
This team collaborates directly with GitHub’s product engineering teams to deliver application security subject matter expertise throughout the development lifecycle. This work starts with the intake and prioritization of security activities for new product initiatives and then shifts to focus on partnering throughout the lifecycle to achieve excellent security outcomes. The team leads security architecture and design reviews, threat modeling, code review, and application security assessments for GitHub’s highest risk and priority products.
This team also partners closely with our tooling, bug bounty, and incident response-focused teams within Product Security Engineering. The team’s subject matter expertise and collaboration with those teams helps us ensure we are identifying opportunities to mitigate risk to our products at all stages of the software development lifecycle.
Some of the typical day-to-day responsibilities of the team include:
- Pairing with an engineering team to review a proposed design for a new service or product feature and helping ensure it follows security best practices and design patterns
- Reviewing the code of a new service to identify application security vulnerabilities and collaborating with the engineering team on the plan for mitigation
- Partnering with our Product Security Incident Response Team (PSIRT) to perform variant analysis of a vulnerability identified externally in our Bug Bounty program
- Researching and sharing guidance across the team and Security on new emerging vulnerability spaces and building the techniques to identify these into our application security assessment processes
Responsibilities:
- Oversee and mature the day-to-day operations of the team to ensure the team’s partnership and processes are clearly understood with product and engineering teams across GitHub and continuously improved based on feedback
- Drive clarity and manage projects across multiple teams, fostering clear communication, understanding, and process improvements
- Coach and advocate for the team to support their career growth by prioritizing weekly team syncs, consistent 1:1s, individual development planning, and performance reviews
- Partner with GitHub’s engineering and product organizations to champion the resolution of the vulnerabilities identified by the team and communicate these risks to our leadership teams
- Support the team in technical leadership and establish a culture of mentorship, pairing, and knowledge sharing to ensure their expertise identifies the highest risk vulnerabilities in GitHub’s highest priority product areas
Required Qualifications:
- 3 years of people management experience
- 5 years of experience focused on application security and identifying and preventing vulnerabilities common to modern software development
- Experience building and maintaining clear operating models for scoping, scheduling, and delivering application security services or other SDL (Security Development Lifecycle) capabilities
- Experience in leading a team in an asynchronous work environment
Preferred Qualifications:
- Proven written and verbal communication skills and ability to understand the value and drivers behind adjusting style and tone for a given audience, including technical and non-technical peers and leaders across the company.
- Experience developing a strategy and roadmap for your teams with a focus on prioritizing the highest impact work to reduce technical risk
- Excitement for fostering a culture of security across engineering practices and processes
- A strong track record of managing performance, calibrating expectations, and building and maintaining high performing, inclusive teams
- Experience using Git and GitHub and understanding of the open source ecosystem
Minimum salary of $104,400 to maximum $276,900.
These pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. At GitHub certain roles are eligible for benefits and additional rewards, including annual bonus and stock. These rewards are allocated based on individual impact in role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role.
Location: In this role, you can work remotely from anywhere in the United States.