Staff, Application Security Engineer

Twilio is seeking a Staff Application Security Engineer to join their Cloud and Application Security team. This role is crucial for enhancing Twilio’s Application Security capabilities, improving visibility, reducing vulnerabilities, and fostering secure engineering practices. The ideal candidate will provide thought leadership and collaborate with various InfoSec and Engineering teams to build key aspects of the security program.

The Application Security Engineer will lead initiatives, implement security automation, maintain solutions, develop secure coding guidelines, investigate vulnerabilities, and research emerging threats.

Responsibilities:

• Lead Application Security initiatives across different teams.
• Implement and enhance security automation within CI/CD pipelines.
• Maintain Application Security solutions and measure their effectiveness.
• Develop and maintain secure coding guidelines and security training for Engineers.
• Investigate security vulnerabilities and support incident response.
• Research emerging threats and attack techniques.

Requirements:

• 8+ years of experience in application security or secure software development.
• Hands-on experience with SAST, SCA, DAST, Secrets, API Security solutions.
• Deep understanding of security for Containers, web, APIs, and cloud-native workloads (AWS, Azure, GCP).
• Strong knowledge of OWASP top 10s and modern attack vectors.
• Proficiency in at least one programming language (Python, Go, Java, TypeScript).
• Excellent communication and presentation skills.

What Twilio Offers:

• Competitive pay.
• Generous time-off.
• Parental and wellness leave.
• Healthcare.
• Retirement savings program.