Sr. Security Engineer - Infrastructure

  • Full-time

Company Description

Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.

Job Description

You will be responsible for helping drive the security of Twitter’s core infrastructure, including on-prem server infrastructure, IT infrastructure, networks, IAM systems, and other core components of Twitter’s stack. You will work with partner teams to help identify, manage and reduce risks. You will design, advocate for, and help build secure-by-default infrastructure that closes off entire classes of security problems.

As an security engineer, you will:

  • Threat model and identify potential risks in designs, configuration, code, or deployed systems as well as designing and implementing mitigation options.

  • Perform secure design reviews and provide input on systems other teams are building.

  • Answer questions from a range of teams pertaining to security subject matter.

  • Identify the trade-offs necessary between security and engineering velocity.

  • Use data to identify security risks and propose security improvements.

  • Drive infrastructure directions and solutions in collaboration with other teams.

  • Mentor and help develop other members of the organization.

Qualifications

You will have many (but need not have all) of the following:

  • 5 or more years of relevant experience (other jobs, grad school, etc) in information security including topics such as security engineering, threat modeling, vulnerability management, pentesting, or security research.

  • 3 or more years of experience in infrastructure security, including topics such as operating system security, network security, cryptography, endpoints, and IAM.

  • Familiarity with Linux administration and various Linux security features such as eBPF, auditd, iptables, AppArmour, seccomp, SElinux, and LUKS.

  • Experience with deploying, configuring, and patching systems at scale (e.g. 10,000+ systems) using systems such as Puppet.

  • Experience securing physical IT and server infrastructure, including both physical and information security concepts.

  • Comfortable inComfort representing security and interfacing with peer teams such as SRE, IT, and Network Engineering.

  • Familiarity with cryptography including symmetric ciphers, asymmetric ciphers, secure channels, secure hash functions, and other fundamental cryptographic constructs.

  • Knowledge of at least one of the programming languages: Go, Python, or Java.

  • Undergraduate degree or equivalent (engineering, social sciences, arts, etc. are all fine)

Additional Information

All your information will be kept confidential according to EEO guidelines.

We care deeply about the people who use our platform. We strive to protect them and ensure they can make informed decisions about how they choose to use Twitter. We put our users first and consider their well-being in all of our decisions.

We care about making work rewarding and productive for everyone, with flexibility in where and how you work, wellness benefits, twenty weeks of parental leave, and unlimited vacation that we believe you should be taking.

We value diversity of experience and ideas. We love sharing knowledge and learning from each other. We have regular lightning talks and get together with the other Twitter teams for tech talks. And there are many study groups you can join.

Privacy Policy