Staff Engineer, Offensive Security

Twilio

about 3 hours ago

Remote, Ireland

Staff+

H1B Sponsor

Responsibilities

Perform manual and automated testing of web applications, APIs, and mobile apps.
Conduct network and cloud level assessments with various tooling.
Triage and validate reports from automated scanners or bug bounty hunters.
Perform initial prompt injection and jailbreak tests on AI prototypes.
Draft high-quality reports detailing the 'path to compromise'.
Manage and update the team's testing infrastructure.
Provide direct technical guidance to engineering teams on patching vulnerabilities.
Design and lead multi-week Red Team operations to test detection capabilities.
Build custom payloads and scripts to bypass security measures.
Create automated testing frameworks for AI systems.
Execute sophisticated attacks against cloud infrastructures.
Collaborate with SIRT and Detection Engineering to tune SIEM alerts.
Oversee the organization's bug bounty program and suggest architectural security changes.

7-10 years of experience in offensive security, penetration testing, or vulnerability exploitation.
Expert knowledge of the MITRE ATT&CK matrix and OWASP Top 10.
Proficient in popular offensive security tools like Burp Suite and Metasploit.
Ability to write functional scripts in Python or Bash for automation.
Possession of advanced industry certifications such as OSCP or OSWE is highly desirable.
Telecom expertise is preferred.
Excellent written and verbal communication skills.

AWSAzureBashKubernetesPythonTensorFlow