Principal Security Engineer, Incident Response

See yourself at Twilio

Join the team as our next Principal Security Engineer, Incident Response (L5)

Who we are & why we’re hiring

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we're on a journey to becoming a globally antiracist company that supports diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.

About the job

This position is needed to maintain customer trust through extraordinary discipline and technical support. Twilio’s Threat Detection and Response (TDR) team is responsible for detecting and responding to all security incidents on Twilio’s complex global network. TDR Security Engineers support this mission by working across the organization to identify and collect useful sources of data, understand security architectures and capabilities, oversee our holistic vulnerability management program, and lead our security incident response efforts.

Responsibilities

In this role, you’ll:

• Ruthlessly Prioritize: Collaborate with our cross-functional engineering partner teams to build automated security incident triage, containment and eradication solutions to ensure that our systems, applications and data remain secure.
• Be an Owner: Lead end-to-end security incident response activities to include host and network forensics, log analysis, malware analysis and more.
• Don’t Settle: Enhance our current logging pipeline to help ingest the right data sources needed to improve our incident response capabilities.
• Draw the Owl:Leverage novel engineering approaches to tackle complex security incidents problems and build automation to support identification of anomalous activity at scale.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 7+ years of hands-on in-depth knowledge and technical experience in security operations including investigations, incident response, incident management, digital forensics, threat hunting, and/or intrusion detection.
• Experience as an incident commander handling large-scale, persistent, sophisticated attacks in complex heterogeneous environments. 
• Ability to work calmly and collaboratively in critical high-stress situations with expediency maintaining outstanding organizational, prioritization, and multitasking skills.
• Deep experience with the majority of security log signals from Linux, macOS, Windows, EDR, NSM, and public cloud (AWS, GCP, and/or vendor SaaS Integrations).
• Experience writing code in a production environment and automating security response using incident response technologies (SIEMs, EDR and identity solutions)
• Familiarity responding and containing security incidents through deep knowledge of the MITRE ATT&CK Framework
• Demonstrated history of mentoring junior engineers with a commitment towards sharing experiences and good security practices with the security community.
• Schedule: ability to work non-standard, on-call rotation weekend and holiday hours

Desired:

• Hands-on experience with container orchestration technologies

• Demonstrated experience in common tooling including but not limited to: SumoLogic, Splunk, Bigquery, Crowdstrike Falcon or similar.

• Python, SQL experience

Location 

This role will be remote.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.

*Please note this role is open to candidates outside of Colorado as well. The information below is provided for those hired in Colorado only.

*If you are a Colorado applicant:

• The estimated pay range for this role, based in Colorado, is $176,080 - $220,100.
• Additionally, this role is eligible to participate in Twilio's equity plan.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state. This role is also eligible to participate in Twilio’s equity plan and for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.

Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.

Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at [email protected].