Senior Director, Threat Detection and Response

Remote - US

Applications have closed

Twilio

Connect with customers on their preferred channels—anywhere in the world. Quickly integrate powerful communication APIs to start building solutions for SMS and WhatsApp messaging, voice, video, and email.

See yourself at Twilio

Join the team as Twilio’s next Senior Director, Threat Detection and Response

Who we are & why we’re hiring

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we have a presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a global company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business.

About the job

The Director Threat Detection & Response will lead the Incident Response, Threat Hunting, Intelligence and Detection Engineering teams to provide actionable intelligence, monitor the ever-evolving threat landscape, and manage the lifecycle of response to all security incidents on Twilio’s corporate and engineering systems, applications and infrastructure. This position will also oversee the production of intelligence reports for Twilio to drive strategic and tactical improvements to our security posture.

Responsibilities

In this role, you’ll:

  • Be accountable for the design, implementation, and continuous improvement of the Security Incident Response Team (SIRT), its processes, and technical implementation.
  • Build, maintain, and provide inspiring leadership for a team of incident response professionals, security analysts, threat intelligence analysts and security engineers. Mentor and train team members to excel and achieve their goals.
  • Build and mature a threat detection and response strategy including tooling and governance that brings the whole Twilio enterprise under the SIRT scope, including M&As.
  • Create and manage detailed playbooks and a multi-level response structure for responding to different classes of incidents.
  • Act as primary contact during security crisis situations for executive and senior management and ensure timely and comprehensive updates in a reliable manner.
  • Contribute heavily to customer response in the event of a security incident.
  • Coordinate closely with key stakeholders in Infosec, Corporate Security, IT, Legal, R&D, HR, Brand/Marketing, and Customer Support during regular operations and while providing incident response. 
  • Establish a correlation engine, tooling, and process to identify incident patterns so the analysts can quickly respond to the most critical incidents.
  • Establish an automation strategy that allows SIRT to close most common incident types without human intervention.
  • Leverage defense exercises to accelerate improvements in detection and response capabilities.
  • Develop and mature strategic, operational and tactical intelligence capabilities.
  • Prioritize tracking of new threats and analysis of existing threats.
  • Establish clear connections between Threat Intelligence, Insider risk and SIRT so that Twilio’s threat detection and response continues to move to a higher level of maturity.
  • Heavily influence the larger Infosec strategy based on information and patterns gathered from SIRT and threat intelligence.
  • Develop, refine, and report metrics, KPIs, and KRIs for all Threat Detection & Response activities.
  • Manage budget and timeline for all projects relevant to security incident response.

Qualifications

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications makes for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

  • 10+ years of relevant experience in a security leadership position with a focus on security incident response and detection & response engineering. Experience in building and maintaining capabilities typically found in a Security Operation Center
  • Deep understanding of detection engineering, network monitoring, vulnerability management, threat intelligence, digital forensics, and other key security incident response capabilities, how to create them, and how to optimize them
  • Full knowledge of the MITRE ATT&CK framework and how it applies to network defense (or comparable knowledge)
  • Understanding of compliance (such as FedRAMP, SOC 2, PCI-DSS, HIPAA, ISO 27001) requirements and controls relevant to security incident response, and experience implementing such controls
  • Comprehensive knowledge of public cloud service providers, especially AWS, Azure, and GCP, and how to create scalable and adaptable security controls for detection and response.
  • Highly competent in SOAR, SIEM, NIDS/HIDS, cloud monitoring tools, Kubernetes, and other relevant technology
  • Knowledge of Legal, PR/Marketing, and customer support concerns regarding incident response, including confidentiality, message framing, privacy concerns, etc.
  • Advanced understanding of common offensive practices, how to detect them, and how to defend against them
  • Experience planning complex projects and executing on time and on budget

Desired:

  • Very strong collaboration skills through a large variety of communication channels
  • Demonstrated leadership, including ability to motivate teams under severe pressure or stress
  • Excellent written and verbal communication skills and meticulous attention to detail
  • High degree of empathy for others
  • Proven record of self-motivation and the ability to work with minimum supervision
  • You can transition between break/fix and business strategy sessions with ease
  • Experience working with executive and senior leaders to interpret business challenges into technical solutions
  • Quick learner, proactive individual with the ability to work in a dynamic, fast changing environment
  • Able to manage global and diverse technical teams
  • Critical thinking and detail orientation are very important

Location

This role will be remote, and based in the USA. 

Other Notes

*Please note this role is open to candidates outside of Colorado, California, New York, and Washington. The information below is provided for candidates hired in those locations only.

The estimated pay ranges for this role are as follows:

  • Based in Colorado: $234,480 - $293,100
  • Based in New York, Washington State, or California (outside of the San Francisco Bay area): $248,320 - $310,400
  • Based in the San Francisco Bay area, California: $275,840 - $344,800
  • This role is eligible to participate in Twilio's equity plan and the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave. 

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state. 

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.



Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.

Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodation@twilio.com.

Tags: Automation AWS Azure Cloud Compliance FedRAMP Forensics GCP Governance HIPAA Incident response ISO 27001 KPIs Kubernetes MITRE ATT&CK Monitoring Privacy R&D SIEM SOAR SOC SOC 2 Strategy Threat detection Threat intelligence Vulnerability management

Perks/benefits: 401(k) matching Competitive pay Equity Flex vacation Health care Insurance Medical leave Parental leave Team events Wellness

Regions: Remote/Anywhere North America
Country: United States