Senior Product Security Engineer

Twilio's mission is to fuel the future of communications. Developers and businesses use Twilio to make communications relevant and contextual by embedding messaging, voice and video capabilities directly into their software applications. Founded in 2008, Twilio has over 650 employees, with headquarters in San Francisco and other offices in Bogotá, Dublin, Hong Kong, London, Madrid, Mountain View, Munich, New York City, Singapore and Tallinn.

Twilio Senior Product Security Engineers are responsible for making sure Twilio products meet the highest security standards in the industry. Successful candidates have a strong software development background, have prior experience working with product teams and are experts at securing applications. You will excel at talking with engineers and business teams, in language they understand, about their products’ and systems’ security posture. You will understand security implications of our products and give guidance to ensure that they are as secure as possible.

**About the job:** * You will build security tools to find and fix security bugs at scale. * A successful candidate will have a proven track record of building secure applications. They should understand the security impacts and security decisions that need to be made to build secure products, and then be able to articulate those to engineers outside the Security team. **Responsibilities:** * Be part of a small, high-impact and multi-talented Security team. * Work with product management and engineering teams to perform security/privacy reviews of their products and systems. * Develop tools to find and fix security issues at scale. * Create automated tests to enforce security standards. * Develop security training and education for developers. * Find vulnerabilities in different tech stacks and languages (Java, Python, Scala, PHP, C/C++). * Excel as an engineer and be a productive member of the team where leadership is a behavioral trait, not a title.

* Strong understanding of vulnerabilities, common attack vectors and how to resolve them. * Ability and interest to educate software engineers on secure coding practices. * Strong understanding of authentication and authorization protocols. * Expert in web application security issues (OWASP 10). * Strong development background and secure coding best practices in different languages/stacks. * Ability to develop threat models and attack trees using a standardized process. * Familiar with cloud technologies and are hands-on with AWS. * Deep experience in a minimum of three (applied cryptography, web app security, security protocols, AWS security, threat modeling, network security, writing secure code).