Security Engineer- Vulnerability Management

**See yourself at Twilio**:
Join the team as our next Security Engineer
- Vulnerability Management

**Who we are & why we're hiring**:
Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a global company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business.

**About the job**:
Twilio is currently seeking a proficient Security Engineer to be an integral part of our dynamic Threat and Vulnerability Management team. This role is pivotal in reducing risks for both Twilio and its clients by efficiently managing vulnerabilities within our systems and products.

Reporting to the Head of Threat and Vulnerability Management, this position is crucial in maintaining and communicating Twilio's risk posture to the management team.

**Responsibilities**:
In this role, you'll:

- Manage Vulnerability Management infrastructure in our production environment for commercial & government Slack environments.
- Leverage vulnerability scanning tools to perform vulnerability management scans on a regular cadence.
- Perform analysis of scan results and determine criticality ratings for vulnerabilities impacting all production environments.
- As vulnerabilities are surfaced through penetration tests, news, and other reporting, map findings to Twilio's environment to determine risk and outcomes.
- Collaborate with key stakeholders on remediation strategies, provide guidance, and follow through closure.
- Report on and track all open vulnerabilities and key metrics around time to completion.
- Identify potential for and implement automation between scanning and reporting tools.

**Qualifications**:
**Required**:

- You have 3+ years of professional experience in information security, with a focus on vulnerability management.
- Strong understanding of security vulnerabilities, threat landscapes, and mitigation techniques.
- Experience with vulnerability scanning tools and techniques.
- Proficiency in scripting or programming languages (e.g., Python, Bash, etc.) for automation of security tasks.
- Excellent problem-solving skills and ability to work under pressure.
- Flexible and able to manage multiple projects under tight deadlines.
- Comfortable with ambiguity and adaptable to fast changing environments
- Strong communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical audiences.

**Desired**:

- Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus.
- Experience operating in a production cloud environment, with expertise in at least one of: server, network, cloud, database; AWS admin and configuration management skills preferred.
- Familiarity with regulatory compliance standards and risk frameworks, including GDPR, HIPAA, SOC 2, ISO 27001 & ISO 27002, and NIST 800-53 & NIST CFS is a plus

**Location**

This role will be based in our Remote and based in Columbia.

**What We Offer**:
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

**Twilio thinks big. Do you?**:
We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

If this role isn't what you're looking for, please consider other open positions.