Github Subject Matter Expert

As a highly skilled and experienced Senior DevOps Engineer, your role will be to be the definitive expert in securing the entire software supply chain, focusing primarily on the GitHub Enterprise Cloud environment. Your responsibilities will include designing, implementing, and enforcing security controls, automation, and governance to ensure that the code, configurations, and CI/CD pipelines meet the highest security standards. Key Responsibilities: - Serve as the primary administrator and security lead for GitHub Enterprise Cloud. - Design and enforce organization-wide security policies, including Branch Protection Rules, user permissions, and repository creation standards. - Implement and leverage GitHub Advanced Security (GHAS) features such as Code Scanning (CodeQL), Secret Scanning, and Dependency Review. - Integrate security tools into the CI/CD pipeline using GitHub Actions. - Automate security checks for static code analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA). - Manage and secure sensitive credentials using a Secrets Management platform (e.g., Azure Key Vault). - Maintain and optimize the secure integration of GitHub with the Identity Provider for Single Sign-On (SSO) and automated provisioning. - Implement and enforce Least Privilege Access models for users, teams, and CI/CD service accounts. - Implement and maintain GitHub configurations as code using Terraform or equivalent tools. - Develop automated scripts (Python/Bash) for security reporting, drift detection, and remediation within the GitHub ecosystem. Desirable Qualifications: The ideal candidate will also have experience in: - Securing pipelines that deploy to Azure and understanding cloud security principles. - Implementing OIDC for secure, keyless deployment from GitHub Actions to cloud environments. - Designing automated vulnerability triage and ticketing workflows. - Working with development teams to drive the adoption of secure development practices. - Writing, reviewing, and hardening custom GitHub Actions. This job requires 5+ years of experience in a DevOps, SRE, or Application Security role, along with 3+ years of dedicated experience administering and securing GitHub Enterprise. Expert proficiency with Git and advanced Git workflows, Infrastructure as Code (Terraform), strong scripting skills (preferably Python), and excellent communication and collaboration skills are essential for this role.,