Product Security Engineer
See yourself at Twilio
Join the team as our next Product Security Engineer
Who we are & why we’re hiring
Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.
Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.
About the job
This position is needed to support the Product Security team’s security initiatives, and we’re seeking skilled security engineers who are eager to aid us in creating a more secure product. As a product security engineer at Twilio, you’ll collaborate with other security engineers and the rest of the engineering organization to develop tooling, processes, and services that enable our company to operate more securely while maintaining agility and flexibility.
In this role, you’ll:
- Assist in the development of security tools, automation, and frameworks to streamline security testing.
- Participate in the team's on-call rotation to triage and address security vulnerabilities. This includes vulnerability analysis, validating and verifying fixes, and supporting engineering teams, among other responsibilities.
- Conduct design reviews, threat modeling, and code reviews for upcoming features and products.
- Stay updated on the latest security trends, vulnerabilities, and industry best practices to proactively address emerging threats.
Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
- You have 3+ years of professional experience in Product Security or Vulnerability Assessments.
- You have a solid understanding of software security principles, secure coding practices, common attack vectors and have experience with threat modeling
- You can perform a code review and discover security problems.
- You have experience with automation and are not afraid of software development
- Excellent communication skills and ability to effectively collaborate with cross-functional teams.
- You can manage a project from start to finish by setting goals, defining scope, and determining deliverables.
- You can break down complex security problems into measurable and solvable pieces with timelines and milestones to ensure timely completion.
- You have familiarity with AWS, Docker, Golang, Node.js - huge plus
- You have experience working in enterprise software and SaaS domains
- Knowledge of code scanning tools including Static Application Security Testing (SAST) engines or Software Composition Analysis (SCA)
- You have run a bug bounty program
- You’re involved in the InfoSec community.
- Is willing to share their projects with the wider application security community through open source, blogs, podcasts, and conference talks.
This role will be remote and based in the USA.
Approximately <5% travel is anticipated. Travel is not required, however there may be some occasional travel opportunities due to meetings, conferences, etc.
What We Offer
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.
Twilio thinks big. Do you?
We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.
So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!
If this role isn't what you're looking for, please consider other open positions.
The estimated pay ranges for this role are as follows:
- Based in Colorado: $99,000 - $124,000
- Based in New York, Washington State or California (outside the San Francisco Bay Area): $105,000 - $131,500
- This role may be eligible to participate in Twilio’s equity plan. All roles are eligible for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.
Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.