_0.png)
Who we are
At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.
Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant, diverse team making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.
See yourself at Twilio
Join the team as our next Staff Analyst, Technical Security Risk
About the job
We are seeking a Technical Security Risk Lead to drive security risk assessments, collaborate with engineering teams, and enhance our technical risk posture. This role is ideal for someone with security engineering expertise who can evaluate risks in cloud environments, infrastructure, applications, and security controls. Rather than focusing on enterprise risk frameworks, this role emphasizes technical security risk management to protect Twilio’s systems and data.
Responsibilities
In this role, you’ll:
- Lead technical security risk assessments across infrastructure, cloud, and applications, applying a risk-based approach to prioritize findings and drive actionable mitigation strategies aligned with business objectives.
- Partner with R&D to assess risks in architecture, infrastructure, and SDLC, providing security guidance in Agile and DevSecOps to ensure security by design and compliance.
- Evaluate and implement automated security tools to identify and mitigate risks at scale and drive meaningful mitigation.
- Develop and refine threat modeling frameworks, leveraging industry standards like STRIDE, PASTA, and MITRE ATT&CK to strengthen risk management and align with our risk landscape.
- Assess the effectiveness of security controls and recommend improvements based on penetration testing, vulnerability scans, and attack surface management, collaborating cross-functionally to ensure actionable and sustainable remediation.
- Use data analytics and risk modeling to assess security risks, translating insights into business terms to guide executive decision-making.
- Define and prioritize risk treatment plans, working with stakeholders to implement mitigating controls and risk reduction strategies while maintaining a clear risk register to ensure timely mitigation and escalation of high-impact risks.
- Develop reports and presentations that translate technical risks into actionable insights for leadership, and communicate effectively with both technical teams and non-technical executives to simplify complex risk scenarios.
- Partner with internal teams to align on security best practices and mitigate identified risks while acting as a security advocate to ensure security is an enabler, not a blocker.
Qualifications
Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
Required:
- 5+ years of experience in security engineering, security architecture, or technical security risk assessment.
- Strong understanding of network security, cloud security (AWS, GCP, Azure), identity & access management (IAM), and secure coding practices.
- Experience with threat modeling, security control evaluations, security risk quantification, and conducting risk assessments to identify, prioritize, and implement effective risk treatment strategies
- Proficiency in security risk frameworks, security automation and tooling
- Hands-on experience implementing security frameworks like MITRE ATT&CK, NIST 800, CIS Benchmarks.
- Ability to work cross-functionally with engineering, security, and compliance teams to improve risk posture.
- Excellent verbal and written communication skills, with the ability to translate technical risks into business impact.
Desired:
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
- Industry certifications such as CISSP, GCP, AWS, CRISC, CCSP.
- Previous experience conducting technical risk reviews for software products and cloud environments.
Location
This role will be remote, and based in Alberta, Ontario or British Columbia, Canada.
Travel
We prioritize connection and opportunities to build relationships with our customers and each other. For this role, approximately <5% travel is anticipated to help you connect in-person in a meaningful way.
What We Offer
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.
The estimated pay ranges for this role are as follows:
- Based in British Columbia. : $118,000 - $147,000 CAD
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.
Twilio thinks big. Do you?
We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.
So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now! If this role isn't what you're looking for, please consider other open positions.
Twilio is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.
Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at [email protected].
