GitHub Platform & Security Automation Engineer

URSI Technologies Inc.
San Jose, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

San Jose, United States of America

Tech stack

API
Audit Trail
Build Automation
Continuous Integration
Github
Identity and Access Management
Python
Key Management
OAuth
Azure
Security Information and Event Management
Policy as Code
Scripting (Bash/Python/Go/Ruby)
Cloud Platform System
Okta
System Availability
Software Security
GIT
Github Enterprise
Enterprise Integration
GraphQL
REST
Devsecops
Security Orchestration, Automation & Response

Job description

We are seeking a hands-on engineer to drive GitHub Enterprise (GHE) platform security, automation, and operational excellence across large-scale environments. This role will focus on building enterprise-grade controls, improving developer experience, and ensuring compliance through automation and observability., · Design and implement secure GitHub authentication controls, including MFA enforcement for Git CLI/API usage and token governance (PATs, OAuth, GitHub Apps)

  • Build automation to audit and enforce repository governance, including detection of public/internal repos, policy violations, and access misconfigurations
  • Implement and operate end-to-end observability and monitoring for self-hosted GitHub Enterprise (GHE) - availability, performance, security events, and usage trends
  • Develop User Behavior Analytics (UBA) leveraging GitHub audit logs, API telemetry, and integrations (SIEM/SOAR) to identify anomalies, insider risk, and misuse patterns
  • Lead secure migration of repositories across GHE instances, maximizing retention of metadata (issues, PRs, comments, actions, permissions) using GitHub APIs and automation frameworks
  • Define and enforce DevSecOps policies via GitHub Actions, branch protection rules, secret scanning, and code security integrations
  • Work on patching, upgrades, and lifecycle operations for GHE, ensuring high availability and minimal disruption
  • Automate compliance reporting and continuous audit readiness (access reviews, repo classification, artifact traceability), · Implement zero-trust access models for GitHub (device posture + identity-aware access)
  • Integrate supply chain security controls (SBOM, provenance, dependency scanning, signed commits)
  • Build developer productivity tooling (self-service onboarding, repo templates, policy-as-code)
  • Enable GitHub Actions hardening (runner security, secrets management, ephemeral runners)
  • Experience with cross-platform integrations (Okta, Azure AD, SIEM tools, vaults, CI/CD systems)

Requirements

· Strong experience with GitHub Enterprise Server and GitHub APIs/GraphQL

  • Solid background in security automation, IAM, and DevSecOps
  • Experience with Python/Go scripting, REST APIs, and automation frameworks
  • Desirable - Familiarity with SIEM/observability platforms and audit log analytics
  • Prior experience with large-scale repo migrations and platform operations

Apply for this position