Staff Security Engineer, Threat Hunt & Research

Denver, Colorado, United States

Applications have closed
Twilio logo


With Twilio, unite communications and strengthen customer relationships across your business – from marketing and sales to customer service and operations.

View all employer listings

Find more jobs like this

See yourself at Twilio

Join the team as our next Staff Security Engineer, Threat Hunt & Research.

Who we are & why we’re hiring

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we're on a journey to becoming a globally antiracist company that supports diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.

About the job

In this position, we need someone who can think like a cyber attacker attempting to circumvent security measures. As a technical subject matter expert, you’ll perform investigations into threat actor activity in our products, services, and networks, and you’ll identify opportunities to build technical solutions to help Twilio meet our toughest challenges. This is a chance to think differently about cyber defense, and to develop the next generation of security analytics. You will act as a primary technical resource (and escalation point) for operational incident support, fraud investigations, threat analysis, and threat hunting.

Twilio is looking for a technical SME who lives the Twilio Magic and has demonstrated success hunting and mitigating threats across the enterprise and beyond. The Security Operations team is vital to ensuring that Twilio operations leadership has access to actionable intelligence that informs decision making on a global scale.


In this role, you’ll:

  • BE AN OWNER: Subject matter expert on logs to enable Twilio to query, process and manipulate in a variety of platforms and formats
  • DRAW THE OWL: Proactively hunt for threats and vulnerabilities from various angles and disciplines including social media and the dark web.
  • NO SHENANIGANS: Conduct in-depth research in security and big data technologies to identify trends, best practices, and potential gaps in security.
  • DON’T SETTLE: Identify credible, new intelligence and subject matter resources relative to current/emerging threats
  • BE INCLUSIVE: Support projects via engineering, testing, implementation, and integration.

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!


  • To comply with Executive Order 14042, all Twilio employees working in the U.S. are required to submit proof of vaccination for COVID-19 unless they qualify for a medical or religious accommodation / exemption.  Employees onboarded after January 4, 2022 must submit proof of vaccination or receive approval for an exemption prior to their Twilio start date. 
  • 8+ years of experience at the sharp end of cyber security, including at least 2 years experience identifying, investigating, and mitigating or exploiting (legally) cyber security threats or vulnerabilities.
  • Experience conducting proactive technical investigations and response to threats across the full spectrum of adversary capabilities, from everyday, through cybercriminal, to Advanced Persistent Threat (APT).
  • Understands the range of security controls that can be leveraged against attackers.
  • Confident analyzing and interpreting log files from various sources, including endpoints, network devices, applications, and cloud services.
  • Experience applying some formal analytical methods and data analysis techniques to investigations to maximise robustness, completeness, and correctness.
  • Knowledge of, and experience applying, multiple models of threat actor behaviour, such as the MITRE ATT&CK Framework,Cyber Kill Chain, Diamond Model, and Adversary Lifecycle Analysis.
  • Ability to provide adversary mitigation recommendations and to present executive-level recommendations in light of novel and technically complicated attack scenarios.
  • Ability to demonstrate extensive knowledge of relevant technical cyber security subjects through any combination of formal education awards, professional certifications, conference presentations, published technical papers, unpublished primary research, contributions to the infosec community or open source software, authoritative personal recommendations, or similar.


  • Python, SQL experience

This role will be remote in the US with a preference for candidates located in MST/PST.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.



*Please note this role is open to candidates outside of Colorado as well. The information below is provided for those hired in Colorado only.

*If you are a Colorado applicant:

  • The estimated pay range for this role, based in Colorado, is $116,312 - $166,160
  • Non-Sales: Additionally, this role is eligible to participate in Twilio's equity plan.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state. This role is also eligible to participate in Twilio’s equity plan and for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.

Important COVID-19 Guidance (For candidates applying to roles in the United States):

To comply with Executive Order 14042, all Twilio employees working in the U.S. are required to submit proof of vaccination for COVID-19 unless they qualify for a medical or religious accommodation / exemption. Employees onboarded after January 4, 2022 must submit proof of vaccination or receive approval for an exemption prior to their Twilio start date.   

Job region(s): North America
Job stats:  18  2  1

Explore more Information Security career opportunities