Twilio is growing exponentially and we are looking for a security engineer to develop a security roadmap, establish organization-wide practices and work with our engineering team and customers to evolve Twilio's security posture.
We are looking for a Senior Security Engineer who is interested in building the next generation of platform systems to support global distribution of Twilio Services. You are someone who wants to be the owner and creator of a cloud based security framework.
You will receive exposure to the unique set of challenges that come from scaling a global service that has to run at 100% availability. You will identify and build expertise on what it means to operate securely on and as a cloud service.
The ability to work across multiple parts of the organization is essential for this role, you should be comfortable talking with engineers and business teams about security. The ability to convey and evangelize security needs should also extend to talk with customers and prospects when necessary.
Work on the Twilio Platform team to evangelize and educate on security and our approaches to it.
Identify risk and vulnerabilities in our organization then work to mitigate these through systems and repeatable automated practices.
Work with Product management on prioritization and with engineering teams on technical approaches to improve or fix security issues.
Twilio provides hosted carrier-class phone and messaging services and our customer must have confidence in our approaches to security. You will be able to convey complex security problems in terms that security professionals and our customers can easily understand.
Take personal responsibility for the security for the Twilio platform, always aiming to improve our readiness against threats.
You are proficient in all aspects of information security principles and practices, maintaining a current awareness of the industry, and you are comfortable discussing pros and cons of different approaches.
You have working experience with network and host intrusion detection systems and techniques. You can run tcpdump and interpret pcap data, configure iptables/ipfw, and run dsniff/arpspoof.
You can explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, etc.
You have a solid understanding of advanced security protocols and standards (encryption, signing, key-exchange, etc.)
You have detailed experience with software architectures and the application of security requirements
You know how to proactively assess potential risks and vulnerabilities in a system and organization.
You have have experience with security practices from web services, SaaS and in high transaction systems.
You focus on continuous improvement and can describe the approaches you have taken.
Hands on. Passionate. Persistent. Creative. You get things done -- you are a doer.
You have given industry talks or presented papers on security. Please sent us links!
Bachelors (preferably Masters) degree in Computer Science or Computer Information Systems, or equivalent experience.
Open source. You do it. You dig it.
Full benefits, including medical, dental and vision
An Amazon Kindle on your first day, and $30/month to spend on books (We love people that are hungry to learn)
Pre-tax commuter benefits
Catered lunches and a weekly team dinner featuring invited technology and entrepreneurial speakers
Excellent gear (“We ❤ Apple computers and big monitors — two if you need ’em”);
A strong belief in life/work balance
Twilio track jacket and shoes after demoing your first Twilio app in front of the company!
How to apply:
Applications without cover letters will not be considered. Here’s some stuff you can include in your cover letter to move your resume to the top of the pile:
Include a link to an app you built using Twilio.
Discuss when and where you built and standardized platform systems across multi-regions/ datacenters.