Content Developer/Security Engineer - Insider Risk
See yourself at Twilio
Join the team as our next Content Developer/Security Engineer - Insider Risk
Who we are & why we’re hiring
Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.
Although we're headquartered in San Francisco, we have a presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.
About the job
This position is needed to continue developing content for Twilio’s Insider Risk program. As part of the Threat Detection and Response organization, this growing team protects the business by detecting and investigating internal threats. It does so by monitoring insider activity based on proven analytics and indicators of risk, such as malicious and accidental misuse of otherwise legitimate access to data by people inside the company.
In this role, you’ll:
- Develop content and build threat models and threat policies in Twilio’s insider threat management tool.
- Develop and qualify new use cases, and develop, test, and tune rules within associated technologies.
- Leverage user behavior analytics [UEBA] to develop a holistic understanding of potential high-risk employee behavior involving cloud infrastructure, network and endpoints.
- Collaborate with multiple stakeholders/vendors and implement integrations with various data sources that improve the ability to prevent, detect and respond to insider risks.
- Partner with other groups within the organization and with vendors to identify, implement, and document processes to mitigate insider risks and implement Data Loss Prevention (DLP) controls.
- Work closely with insider threat analysts to identify gaps and develop technical and non-technical indicators.
- Lead the creation of metric-based reporting to aid in identification of risks, support continuous risk reduction, and constantly seek opportunities to improve the effectiveness of DLP controls.
- Deliver effective, timely and succinct communication of important topics and issues to relevant business partners.
- Support the quality execution of Insider Threat program projects in accordance with project timelines.
Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications makes for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
- 4+ years of IT experience with at least 2 years in an information security role, and software development related experience.
- Experience with cloud-based log analytics tools and/or Sumo Logic, and DLP/insider threat tools like Prisma, Digital Guardian, Proofpoint TAP, Proofpoint ITM, AWS GuardDuty.
- Experience in writing/consuming APIs.
- 3 years of experience in UEBA/UBA technologies such as Securonix, SNYPR, etc.
- Experience in anomaly detection, data analytics, behavior analytics, TTPs, data classification.
- Strong knowledge of cloud service provider environments, such as AWS and GCP, to identify potential insider risks, protect sensitive data, and develop mitigation strategies by incorporating UEBA.
- Broad knowledge of cloud solutions (IaaS, PaaS, SaaS), IT technologies, operating systems, applications and network security platforms, including Security Information and Event Management (SIEM) systems.
- Strong verbal/written communication with ability to effectively interact with individuals at all levels of responsibility and authority.
- Strong troubleshooting and organizational skills.
- Strong analytical skills with an aptitude for tracking down numerous logs to derive substantial data.
- Ability to work between the hours of 9:00 AM - 5:30 PM EST (Eastern Standard Time zone) OR 9:00 AM - 5:30 PM PST (Pacific Standard Time zone), including the flexibility to work additional hours to support during incidents.
- AWS/GCP cloud certification.
- BS in Cyber Security, Information Systems, Information Technology, or Computer Science.
- Experience with SOAR concepts, implementation and execution is a plus.
- Experience in scripting languages such as Python or Java.
- Excellent written and verbal communication skills.
- Ability to influence and build effective working relationships with all levels of the organization.
This role will be based in our India-APAC region. This role will be in-office or remote.
What We Offer
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.
Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.