Twilio - Senior Manager of Offensive Security
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table! • Experience: Minimum of 10+ years in cybersecurity, with at least 5 years specifically in offensive security roles and 2+ years in a leadership or management capacity. • Technical Expertise: Deep knowledge of security frameworks like the MITRE ATT&CK framework, Cyber Kill Chain, and advanced exploitation techniques (e.g., AD, cloud, and applications attacks). • Technical Expertise: • Certifications: Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar • Certifications: • Infrastructure Knowledge: Proficient in attacking and defending diverse environments including AWS/Azure/GCP, Kubernetes, and hybrid-cloud architectures. • Infrastructure Knowledge: • Hands-on AI Testing: Proven experience in automating red teaming for GenAI and proficiency in using AI offensive tools like PyRIT, Prompfoo, Xbow or Counterfit to build and stage AI powered attacks • Hands-on AI Testing: • Tooling Proficiency: Advanced experience with red team and penetration testing tools such as Cobalt Strike, Burp Suite Pro, Metasploit, BloodHound, and Sliver. • Tooling Proficiency: • Programming Skills: Strong ability to code or script in Python, PowerShell, Go, or C++ for exploit development and task automation. • Analytical Thinking: Proven ability to connect individual vulnerabilities into complex attack chains that demonstrate significant business impact. • Analytical Thinking: • Ethical Integrity: A flawless record of ethical conduct and the ability to handle extremely sensitive access and information with total discretion. • Ethical Integrity: • Desired: • Telecom expertise is preferred • Location • This role will be remote, but is not eligible to be hired in CA, CT, NJ, NY, PA, WA. • Travel • We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.
Responsibilities
• Strategic Leadership: Develop and execute a multi-year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research. • Strategic Leadership: • Adversary Emulation: Design and lead full-scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities. • Adversary Emulation: • Program Management: Oversee the end-to-end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting. • Program Management: • Purple Teaming: Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks. • Purple Teaming: • Executive Communication: Translate complex technical findings into actionable business risk assessments for C-suite executives and Board members. • Executive Communication: • Team Mentorship: Recruit, retain, and develop a high-performing team of offensive security engineers, providing technical guidance and career coaching. • Team Mentorship: • Vulnerability Management Integration: Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively. • Vulnerability Management Integration: • Tooling & Automation: Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency. • Tooling & Automation: • Adversarial AI Testing: Conduct specialized threat modeling for AI-native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems). • Adversarial AI Testing: • AI attacks and mitigations: Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters. • AI attacks and mitigations: • Regulatory Compliance: Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI-DSS). • Regulatory Compliance: • Threat Intelligence Integration: Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real-world TTPs (Tactics, Techniques, and Procedures). • Threat Intelligence Integration: • Third-Party Oversight: Manage relationships and quality control for external security consultancy firms performing third-party penetration tests. • Third-Party Oversight: • Research & Development: Encourage and lead research into emerging technologies to identify future attack vectors. • Research & Development: • Cross-Functional Collaboration: Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments • Cross-Functional Collaboration:
Benefits
• Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. • Please note the salary range information provided applies only to candidates residing in California, Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Vermont, Washington D.C., and Washington State due to local requirements. Compensation for candidates in other locations will be discussed during the hiring process. Please note that hiring for this role is not restricted to the locations listed above. • The estimated pay ranges for this role are as follows: • Based in Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, Vermont or Washington D.C. : $188, 240 - 235,300. • Based in New York, New Jersey, Washington State, or California (outside of the San Francisco Bay area): $199,280 - 249,100. • Based in the San Francisco Bay area, California: $221,360 - $276,700. • This role may be eligible to participate in Twilio’s equity plan and corporate bonus plan. All roles are generally eligible for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave. • The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. • Applications for this role are intended to be accepted until May 21st 2026, but may change based on business needs. • Twilio thinks big. Do you? • We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts. • So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now! If this role isn't what you're looking for, please consider other open positions.
No credit card. Takes 10 seconds.