Hunt Specialist/Security Engineer - Insider Risk
Remote - India
Twilio
Connect with customers on their preferred channels—anywhere in the world. Quickly integrate powerful communication APIs to start building solutions for SMS and WhatsApp messaging, voice, video, and email.
See yourself at Twilio
Join the team as our next Hunt Specialist/Security Engineer - Insider Risk
Who we are & why we’re hiring
Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.
Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.
About the job
We are seeking a Hunt/Security analyst who will work within the Twilio Threat Detection and Response group [TDR]. The analyst will be responsible for risk identification, indicator development, data collection/analysis, support planning, hunting for insider risk incidents and supporting investigations. They will also support the development of a thorough understanding of business practices to identify data loss and insider risk concerns, translating them into configurable technical policies, and will assist with the development and qualification of new use cases and the associated development, testing, and tuning of new rules within associated technologies.
In this role, you’ll:
- Conduct proactive hunts through enterprise networks, endpoints, cloud platforms, and datasets to detect malicious, suspicious, or risky activities
- Identify and prioritize missing or ineffective detection/prevention/mitigation capabilities by incorporating threat intelligence-driven or hypothesis-based insider risk hunting
- Support building/testing repeatable detection/remediation capabilities from the hunts
- Coordinate with Insider Risk, Threat Intel/Hunt, Detection Engineering, SIRT teams to identify and implement opportunities for continuous program improvement
- Proactively monitor, triage and escalate findings from detection capabilities
- Provide subject matter expertise to leadership, business areas, and IT Teams as well as support implementation of appropriate data loss prevention security controls and monitoring
- Deliver effective, timely, and succinct communication of important topics, risks, and issues to relevant leadership and stakeholders
- Support log ingestion activities in partnership with application owners and analytics platform teams, correlate data and build policies to identify insider risks in critical business applications, and accordingly implement the DLP controls to mitigate the gaps/risks
- Support BAU when required - review of daily alerts on UAM, triage violations, raise cases and lead co-ordination of investigations across business and partner teams
Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
- Bachelor’s Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) OR 4+ years of equivalent experience with Data Loss Prevention and Insider Risk Programs [UAM].
- 3 years of experience in DLP technologies like Digital Guardian, Proofpoint Cloud Access Security Broker (CASB), etc.
- 3 years of experience in Security Information and Event Management (SIEM) systems such as Splunk, Sumologic, etc.
- Knowledge of cloud service provider environments, like AWS and GCP, to identify data security risks and mitigation strategies
- Broad knowledge of Cloud Solutions (IaaS, PaaS, SaaS), IT technologies, operating systems, applications and network security platforms
- Experience in anomaly detection, data analytics, behavior analytics, TTPs, data classification
- Training toward Information Security-specific disciplines (CISSP, Security+, SSCP, SANS, CERT, CMU-SEI, CEH certification, etc.)
- Basic scripting and coding skills (PowerShell, VBScript, Bash, Python, SQL, etc.)
- Vision to anticipate problems and provide workable solutions
- Ability to work between the hours of 9:00 AM - 5:30 PM EST (Eastern Standard Time zone) or 9:00 AM - 5:30 PM PST (Pacific Standard Time zone), including the flexibility to work additional hours to support during incidents
- Broad understanding of IT security concepts and Defense-in-Depth practices.
- Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority.
- Strong troubleshooting and organizational skills and ability to work on multiple projects simultaneously.
- Excellent written and verbal communication skills.
- Ability to influence and build effective working relationships with all levels of the organization.
India-APAC. This role will be in-office or remote.
What We Offer
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.
Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.
Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at firstname.lastname@example.org.