Back to all jobs

Advisory Curation Manager - GitHub Security Lab

GitHub

Dec 06

GitHub is seeking a technical manager to join its Security Lab as manager of the Curation team. The qualified candidate will support and lead the Advisory Database Curation activity and help shape the future of GitHub Advisory Database, and will as well lead the operation of the GitHub CVE program. This role will require close collaboration with GitHub product managers, designers, and engineers on one hand, and with the open source security community on the other hand, to shape the product direction. The candidate will care deeply about cultivating an environment of psychological safety that values experimentation and continuous learning and growth.

The position is a great opportunity for a technical leader willing to take on a first people management role.

Meet the team:

The mission of the GitHub Security Lab is to inspire and enable the community to secure the open source software we depend on. We create a home for security researchers where they can collaborate and share, with the common goal of securing open source software. 

The GitHub Advisory Database is a core part of the Security Lab’s mission. It is the leading source of machine-readable advisory information for open source software. It is the only cross-ecosystem free source of data tailored for open source, compiled and curated by our curation team. Accuracy and timeliness are the key factors of this activity. In addition to fueling GitHub’s Dependabot features, the database is freely available to the world, as a trusted source of data that our users can use to innovate new ways to secure open source.

The GitHub CVE program complements the GitHub Advisory Database. It allows open source maintainers to easily publish advisories and to associate them with CVEs, which are the industry standard for vulnerability identifiers. In 2021, GitHub is the top CNA (CVE Numbering Authority) for open source, next to the last-resort CNA MITRE.

Advisory Curation Manager responsibilities:

  • Oversee the content of GitHub Advisory Database. Make sure that the quality and timeliness of the data meet our objectives. Find ways of improving the breadth and depth of the Advisory Database.
  • Manage the people, processes and tooling that gets advisories into the database, to keep them effective and efficient and support the team’s objectives. 
  • Set objectives, plan the work, track progress and adapt. 
  • Collaborate with engineering, product and design leadership to define and prioritize projects that help us meet our internal objectives.
  • Lead a remote team of four (4) security analysts/advisory curators. Provide frequent coaching, feedback, career guidance, and identify opportunities for growth.
  • Cultivate an environment where team members are empowered through a collective sense of ownership and belonging.
  • Participate in hiring and sourcing to build a diverse, high performance team.
  • Provide clarity to the team, the company and the community, ensuring they have a clear understanding of what we’re doing and why we’re doing it. 
  • Represent the Advisory Database in communities or instances such as openssf.org   

Minimum Qualifications:

  • Deep knowledge of CVEs, GitHub Advisory Database, Dependabot, or equivalent security topics;
  • Deep knowledge of some open source software ecosystem;
  • Excellent verbal and written communication skills in English;
  • Ability to produce concise and quality technical documentation;
  • Experience interacting with customers, users, or community;
  • A track record of teaching and mentoring others, of technical leadership;
  • Experience working in distributed or remote teams;
  • A passion about fostering good team work, tools, and processes.

Preferred Qualifications:

  • Experience managing distributed teams and operating effectively across multiple time zones. 
  • Experience developing a strategy and roadmap for your teams.
  • Previous experience as a security researcher, security engineer or software engineer.
  • Experience interacting with standards committees.

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.

#LI-POST