Security Engineer - Vulnerability Management

See yourself at Twilio

Join the team as our next Security Engineer- Vulnerability Management

Who we are & why we’re hiring

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a global company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business.

About the job

Twilio is currently seeking a proficient Security Engineer to be an integral part of our dynamic Threat and Vulnerability Management team. This role is pivotal in reducing risks for both Twilio and its clients by efficiently managing vulnerabilities within our systems and products.

The ideal candidate for this role should be an exceptional individual contributor, embodying  the Twilio Magic. and possessing deep expertise in managing security vulnerabilities. This candidate will have the opportunity to work across the enterprise, collaborating with all business units, including Business information Security Officers (BISOs), Threat Detection & Response, Threat Intelligence, Security Architects, and Security Engineers, among others. Their role will be to help identify threats and vulnerabilities, prioritize and analyze them, and assist in reporting and supporting remediation efforts. 

Reporting to the Head of Threat and Vulnerability Management, this position is crucial in maintaining and communicating Twilio’s risk posture to the management team.

Responsibilities

In this role, you’ll:

• Manage Vulnerability Management infrastructure in our production environment for commercial & government environments.
• Leverage vulnerability scanning tools to perform vulnerability management scans on a regular cadence.
• Perform analysis of scan results and determine criticality ratings for vulnerabilities impacting all production environments.
• As vulnerabilities are surfaced through penetration tests, news, and other reporting, map findings to Twilio’s environment to determine risk and outcomes.
• Collaborate with key stakeholders on remediation strategies, provide guidance, and follow through closure.
• Report on and track all open vulnerabilities and key metrics around time to completion.
• Identify potential for and implement automation between scanning and reporting tools.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• You have 3+ years of professional experience in information security, with a focus on vulnerability management.
• Strong understanding of security vulnerabilities, threat landscapes, and mitigation techniques.
• Experience with vulnerability scanning tools and techniques.
• Proficiency in scripting or programming languages (e.g., Python, Bash, etc.) for automation of security tasks.
• Excellent problem-solving skills and ability to work under pressure.
• Flexible and able to manage multiple projects under tight deadlines.
• Comfortable with ambiguity and adaptable to fast changing environments
• Strong communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical audiences.

Desired:

• Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus.
• Experience operating in a production cloud environment, with expertise in at least one of: server, network, cloud, database; AWS admin and configuration management skills preferred.
• Familiarity with regulatory compliance standards and risk frameworks, including GDPR, HIPAA, SOC 2, ISO 27001 & ISO 27002, and NIST 800-53 & NIST CFS is a plus

Location 

This role will be based in our Remote and based in Colombia.  

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.