Sr. Security Engineer, Application Security

  • Full-time

Company Description

Who We Are: 

The Application Security (AppSec) team is a blend of security engineers and security-focused software engineers helping ensure Twitter builds and maintains secure software. In addition, we conduct security assessments, provide guidance, develop tooling, and advocate and train engineers throughout the systems development lifecycle (SDLC) to ensure security is prioritized at each step of development. Diversity makes us a better organization and team. We value diverse backgrounds, ideas, and experiences.

Job Description

What You'll Do:

As a Security Engineer, you'll join a team of talented security engineers working to reduce risk across the company. We work with engineering and product teams to provide security expertise during each phase of the SDLC and take a leadership role in driving security initiatives. We identify recurring classes of security problems, find the root cause, and develop generalized and creative solutions to reduce the occurrence of application vulnerabilities at scale. We strive to advocate and teach security to engineers. Additionally, we assist with third-party security assessments and operate Twitter’s bug bounty program.

 

Qualifications

Qualification:

The ideal individual has both application security expertise and development experience. They have in-depth knowledge of application security and can identify potential risks in designs, code, or deployed applications. They should also have experience with threat modeling, security reviews, pen-testing and providing security guidance to development teams. They recognize the importance of building security solutions that scale both technically and organizationally and adapt to changing business requirements. They enjoy advocating security by writing, giving talks, or hosting educational sessions for developers.

 


You will meet most (but need not meet all) of the following points:

  • Bachelor’s or advanced degree in Computer Science or a closely related field.

  • 4+ years of relevant experience.

  • Familiarity with microservice architecture and interactions with the AWS platform (Boto3/Python).

  • Expertise with web security standards such as CSP, CORS, and emerging web security technologies.

  • Understanding of security challenges in service architectures or large distributed systems.

  • Expertise with browser security controls and web application security best practices.

  • Experience with finding security design flaws and implementation bugs. 

  • Experience building security and process improvement tools. 

  • Experience communicating security concerns and issues to non-technical audiences.

  • Experience building tools and processes to reliably identify security issues and logic flaws across large code bases.

Company Description

Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with a conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.

Additional Information

A few other things we value:

Challenge - We solve some of the industry’s hardest problems. Come to be challenged, learn, and thrive as an engineer.

Diversity - Diversity makes us a better organization and team. We value diverse backgrounds, ideas, and experiences.

Work, Life, Balance - We work hard, but we believe with hard work should come balance.

We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Notice (Colorado Equal Pay for Equal Work Act)

The expected salary range for this role to be performed in Colorado is USD$146,000.00 - USD$204,000.00. Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. This range may be modified in the future.

This job is also eligible for participation in Twitter’s Performance Bonus Plan and Equity Incentive Plan subject to the terms of the applicable plans and policies.

Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, 401(k) program with employer match, generous time off for vacation, sick time, and parental leave. Twitter's benefits prioritize employee wellness and progressive support to our diverse workforce.
