Senior Engineer, Security Incident Response

See yourself at Twilio

Join the team as our next Senior Security Engineer, Incident Response on Twilio’s Security Incident Response Team (SIRT).

Who we are 

At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant, diverse team making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.

About the job

The Security Incident Response Engineer will be responsible for responding to all security events and incidents across Twilio’s global infrastructure, services and applications. The Security Incident Response Team (SIRT) supports Twilio’s mission of security and reliability by working across the organization to lead the response to security events and incidents across Twilio by effectively conducting triage, containment, remediation and driving post-incident betterments. 

Responsibilities

In this role, you’ll:

• Lead and support the response to all security events and incidents across Twilio’s complex global infrastructure, services and applications.
• Own the security incident lifecycle, respond to incidents and participate in on-call rotation and participate in RCAs for security incidents.
• Work to improve Twilio’s security and reliability posture by driving identified betterments from security events and incidents.
• Support large projects end-to-end that will improve Twilio’s Threat Detection and Response (TDR) capabilities and initiatives.
• Be responsible for documentation of incidents and projects you work on and craft best practices as runbooks and standard operating procedures to share knowledge across teams
• Rapidly acquire new technical skills and knowledge in a fast-paced, highly disruptive industry environment.
• Understand security vulnerabilities, attacker exploit techniques, and methods for their remediation.
• Execute on the vision and develop creative innovative approaches to accelerate threat response and remediation of security incidents. 

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 5+ years of experience in Cybersecurity with a focus on incident response, digital forensics, security engineering, and/or intrusion detection.
• Experience with log analysis and forensic tools.
• Experience with AWS, GCP or other public cloud infrastructure platforms.
• Experience with REST API, container and serverless security.
• Expertise in solving complex production security issues.
• Experience with Sumo Logic & Bigquery.
• Experience with automation.
• Communicate clearly and concisely, orally and in writing.
• Desire to collaborate across teams on best practices to build, test and operate security incident response capabilities at scale.
• Schedule: ability to work ‘non-standard’ hours, to overlap as needed with colleagues and stakeholders in other global locations, and with the potential for future on-call rotation, including weekend and holiday hours.

Desired:

• Experience leveraging automation to improve operational security metrics and dashboards by identifying security response gaps in systems, services and processes and propose and deliver solutions to close security monitoring gaps.
• You are proficient in cloud technologies and are hands-on in at least one cloud platform: GCP, AWS, or Azure. You are able to both design and develop cloud-based automated security response playbooks and operate them in an automated fashion.
• Experience with SaaS application and security vulnerabilities. 

Location

This role will be remote and based in Canada.

Travel 

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

Applications for this role are intended to be accepted until 12/25/2024 but may change based on business needs.