GitHub Platform & Security Automation Engineer (GHE / DevSecOps)

GitHub Platform & Security Automation Engineer (GHE / DevSecOps)

Loc: San jose, CA 

Role: GitHub Platform & Security Automation Engineer (GHE / DevSecOps)

We are seeking a hands-on engineer to drive GitHub Enterprise (GHE) platform security, automation, and operational excellence across large-scale environments. This role will focus on building enterprise-grade controls, improving developer experience, and ensuring compliance through automation and observability.

Key Responsibilities

·      Design and implement secure GitHub authentication controls, including MFA enforcement for Git CLI/API usage and token governance (PATs, OAuth, GitHub Apps)

Build automation to audit and enforce repository governance, including detection of public/internal repos, policy violations, and access misconfigurations
Implement and operate end-to-end observability and monitoring for self-hosted GitHub Enterprise (GHE) — availability, performance, security events, and usage trends
Develop User Behavior Analytics (UBA) leveraging GitHub audit logs, API telemetry, and integrations (SIEM/SOAR) to identify anomalies, insider risk, and misuse patterns
Lead secure migration of repositories across GHE instances, maximizing retention of metadata (issues, PRs, comments, actions, permissions) using GitHub APIs and automation frameworks
Define and enforce DevSecOps policies via GitHub Actions, branch protection rules, secret scanning, and code security integrations
Work on patching, upgrades, and lifecycle operations for GHE, ensuring high availability and minimal disruption
Automate compliance reporting and continuous audit readiness (access reviews, repo classification, artifact traceability)
Nice-to-Have / Value-Add Areas

·                     Implement zero-trust access models for GitHub (device posture + identity-aware access)

Integrate supply chain security controls (SBOM, provenance, dependency scanning, signed commits)
Build developer productivity tooling (self-service onboarding, repo templates, policy-as-code)
Enable GitHub Actions hardening (runner security, secrets management, ephemeral runners)
Experience with cross-platform integrations (Okta, Azure AD, SIEM tools, vaults, CI/CD systems)
Qualifications

·        Strong experience with GitHub Enterprise Server and GitHub          APIs/GraphQL

Solid background in security automation, IAM, and DevSecOps
Experience with Python/Go scripting, REST APIs, and automation frameworks
Desirable – Familiarity with SIEM/observability platforms and audit log analytics
Prior experience with large-scale repo migrations and platform operations