Staff Security Engineer, General
- Full-time
Company Description
Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.
Job Description
You will be responsible for helping drive the security of Twitter’s systems, ranging from on-prem server infrastructure to application-level code. We are open to applicants with experience in a range of security areas, as our team works across Twitter’s stack. You will work with partner teams to help identify, manage and reduce risks. You will design, advocate for, and help build secure-by-default infrastructure that closes off entire classes of security risk.
As a security engineer, you will:
Threat model and identify potential risks in designs, configuration, code, or deployed systems, as well as designing and implementing mitigation options.
Perform secure design reviews and provide input on systems other teams are building.
Answer questions from a range of teams pertaining to security subject matter.
Identify the trade-offs necessary between security, velocity, and business goals.
Use data to identify security risks and propose security improvements.
Drive infrastructure or application security solutions in collaboration with partner teams.
Mentor and help develop other members of the organization.
Qualifications
You will have many (but need not have all) of the following:
8 or more years of relevant experience (other jobs, grad school, etc) in information security including topics such as security engineering, threat modeling, vulnerability management, web application security, pentesting, or security research.
Experience providing security advice on topics such as operating system security, web application security, cryptography, IAM, security usability/UX, and related topics.
Experience securing systems at scale (e.g. 10,000+ nodes) using tools such as Puppet, k8s, or other configuration management or orchestration systems.
Experience building threat models and helping other teams do the same.
History of advocating for the security of systems and their end users, and communcting why security is important to a range of stakeholders.
Comfortable representing security and interfacing with other engineering teams.
Familiarity with cryptography including symmetric ciphers, asymmetric ciphers, secure channels, secure hash functions, and other fundamental cryptographic constructs.
Knowledge of at least one of the programming languages: Go, Python, Java, or Scala.
Undergraduate degree or equivalent (engineering, social sciences, arts, etc. are all fine)
Additional Information
We care deeply about the people who use our platform. We strive to protect them and ensure they can make informed decisions about how they choose to use Twitter. We put our users first and consider their well-being in all of our decisions.
We care about making work rewarding and productive for everyone, with flexibility in where and how you work, wellness benefits, twenty weeks of parental leave, and unlimited vacation that we believe you should be taking.
We value diversity of experience and ideas. We love sharing knowledge and learning from each other. We have regular lightning talks and get together with the other Twitter teams for tech talks. And there are many study groups you can join.