Hunt Specialist/Security Engineer - Insider Risk

Join the team as our next Hunt Specialist/Security Engineer - Insider Risk

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.

We are seeking a Hunt/Security analyst that will work within the Twilio Threat Detection and Response group [TDR]. The analyst will be responsible for risk identification, indicator development, data collection/analysis, support planning, hunting for insider risk incidents and supporting investigations. They will also be supporting the development of a thorough understanding of business practices to identify data loss and insider risk concerns; translating them into configurable technical policies, assisting with development and qualification of new use cases, and associated development of new rules, testing, and tuning within associated technologies. 

Responsibilities

In this role, you’ll:

• Conduct proactive hunts through enterprise networks, endpoints, cloud platform, datasets to detect malicious, suspicious, or risky activities
• Identify and prioritize missing or ineffective detection/prevention/mitigation capabilities by incorporating threat intelligence-driven or hypothesis-based insider risk hunting 
• Support building/testing repeatable detection/remediation capabilities from the hunts
• Coordinate with Insider Risk, Threat Intel/Hunt, Detection Engineering, SIRT teams to identify and implement opportunities for continuous program improvement
• Proactively monitor, triage and escalate findings from detection capabilities
• Provide subject matter expertise to leadership, business areas, and IT Teams as well as support implementation of appropriate data loss prevention security controls and monitoring
• Delivering effective, timely, and succinct communication of important topics, risks, and issues to relevant leadership and stakeholders
• Support log ingestion activities in partnership with application owners and analytics platform teams, co-relate data and build policies to identify insider risks in critical business applications and accordingly implement the DLP controls to mitigate the gaps/risks
• Support BAU when required - review of daily alerts on UAM, triage violations, raise cases and lead co-ordination of investigations across business and partner teams

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• Bachelor’s Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) OR 4+ years of equivalent experience with Data Loss Prevention and Insider Risk Programs [UAM]. 
• 3 years of experience in DLP technologies like Digital Guardian, Proofpoint Cloud Access Security Broker (CASB) etc.
• 3 years of experience in Security Information and Event Management (SIEM) systems such as Splunk,  Sumologic etc
• Knowledge of cloud service provider environment, like AWS, GCP to identify data security risks and mitigation strategies
• Broad knowledge of Cloud Solutions (IaaS, PaaS, SaaS), IT technologies, operating systems, applications and network security platforms
• Experience in anomaly detection, data analytics, behavior analytics, TTPs, data classification
• Training toward Information Security-specific disciplines (CISSP, Security+, SSCP, SANS, CERT, CMU-SEI, CEH certification, etc.)
• Basic scripting and coding skills (Powershell, VBscript, Bash, Python, SQL, etc..)
• Vision to anticipate problems and provide workable solutions
• Ability to work between the hours of 9:00 AM - 5:30 PM EST (Eastern Standard Time zone) OR or 9:00 AM - 5:30 PM PST (Pacific Standard Time zone), including the flexibility to work additional hours to support during incidents

Desired:

• Broad understanding of IT security concepts and Defense-in-Depth practices. 
• Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. 
• Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously; 
• Excellent written and verbal communication skills.
• Ability to influence and build effective working relationships with all levels of the organization.

Location:

India-APAC. This role will be in-office or remote. 

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.