Application Security Engineer

About the job

The Cloud and Application Security team enables delivery of secure by default products to reduce our attack surface against an evolving threat landscape. This position is needed to enhance Twilio’s Application Security capabilities to improve visibility, reduce vulnerabilities and foster secure engineering practices . This role is going to provide thought leadership and help build key aspects of the program in partnership with different InfoSec and Engineering teams. 

Responsibilities

In this role, you’ll:

• Lead Application Security initiatives across different teams to design, build and implement security best practices
• Implement and enhance security automation within CI/CD pipelines
• Maintain Application Security solutions, measure their effectiveness and continuously improve based on strategic priorities 
• Develop and maintain secure coding guidelines and security training for Engineers
• Investigate security vulnerabilities and support incident response as needed
• Research emerging threats, vulnerabilities, and attack techniques to proactively secure applications

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 8+ years of experience in application security, secure software development, or related fields.
• Hands on experience with SAST, SCA, DAST, Secrets, API Security solutions
• Deep understanding of security for Containers, web, APIs, and cloud-native workloads (AWS, Azure, GCP).
• Strong knowledge of OWASP top 10s and modern attack vectors 
• Proficiency in at least one programming language (Python, Go, Java, TypeScript)
• Excellent communication and presentation skills, including an ability to communicate effectively with a diverse array of stakeholders at different levels

Desired:

• Application Security certifications (OSCP, GWAPT, GCPN etc)
• Experience with Threat Modeling

Location

This role will be remote and located in Alberta, Ontario or British Columbia, Canada.