See yourself at Twilio

Join the team as our next Content Developer/Security Engineer - Insider Risk

Who we are & why were hiring

Twilio powers real-time business communications & data solutions that help companies & developers worldwide build better applications & customer experiences.

Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia & Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism & all forms of oppression & bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, & we're looking for more builders, creators, & visionaries to help fuel our growth momentum.

About the job

This position is needed to continue developing content for Twilios Insider Risk program. As part of the Threat detection & response organization, this growing team protects the business by detecting & investigating internal threats through monitoring of insider activity based on proven analytics & indicators of risk such as malicious & accidental misuse of otherwise legitimate access to data from people inside the company.

Responsibilities

In this role, youll:

• Developing content, building threat models, threat policies in Twilios insider threat management tool.
• Develop & qualify new use cases, development of rules, testing, & tuning within associated technologies.
• Leverage user behavior analytics [UEBA] to develop a holistic understanding of potential high-risk employee behavior involving cloud infrastructure, network & endpoints. 
• Collaborating with multiple stakeholders/vendors & implementing the integrations to various data sources that improves the ability to prevent, detect & respond to insider risks.
• Partner with other groups within the organization & vendor to identify, implement, & document processes to mitigate insider risks & implement the Data Loss Prevention controls.
• Working closely with insider threat analysts to identify gaps, & develop technical & non-technical indicators.
• Leading the creation of metric based reporting to aid in identification of risks, support continuous risk reduction, & constantly seeking opportunities to improve effectiveness of DLP controls.
• Delivering effective, timely & succinct communication of important topics, & issues to relevant business partners.
• Support the quality execution of Insider Threat program projects in accordance with project timelines.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, & we encourage everyone who meets the required qualifications to apply. While having desired qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 4+ years of IT experience with at least 2 years in an information security role, & software development related experience.
• Experience with Cloud based log analytical tools and/or sumo logic, DLP/Insider Threat tools like Prisma, Digital Guardian, Proofpoint TAP, Proofpoint ITM, AWS GuardDuty.
• Experience in writing/consuming APIs.
• 3 years of experience in UEBA/UBA technologies such as Securonix, SNYPR etc 
• Experience in anomaly detection, data analytics, behavior analytics, TTPs, data classification.
• Strong knowledge of cloud service provider environments, like AWS, GCP to identify potential Insider risks, protect sensitive data, & mitigation strategies by incorporating UEBA.
• Broad knowledge of Cloud Solutions (IaaS, PaaS, SaaS), IT technologies, operating systems, applications & network security platforms, Including Security Information & Event Management (SIEM) systems.
• Strong verbal/written communication with ability to effectively interact with individuals at all levels of responsibility & authority.
• Strong troubleshooting & organizational skills.
• Strong analytical skills with an aptitude of tracking down the numerous logs to derive substantial data.
• Ability to work between the hours of 9:00 AM - 5:30 PM EST (Eastern Standard Time zone) OR  9:00 AM - 5:30 PM PST (Pacific Standard Time zone), including the flexibility to work additional hours to support during incidents.
• AWS/GCP cloud certification.

Desired:

• BS in Cyber Security, Information Systems, Information Technology, or Computer Science.
• Experience with SOAR concepts, implementation & execution is a plus.
• Experience in scripting languages such as Python, Java.
• Excellent written & verbal communication skills.
• Ability to influence & build effective working relationships with all levels of the organization.

Location 

This role will be based in our India-APAC region. This role will be in-office or remote. 

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental & wellness leave, healthcare, a retirement savings program, & much more. Offerings vary by location.