Twilio

Build the future of communications.

Senior Manager – Offensive Security

Full Time | Remote | Team 5,001-10,000 | H1B Sponsor

Location

All locations: California, Connecticut, New Jersey, New York, Pennsylvania, Washington

Posted

2 days ago

Salary

$188.2K - $276.7K / year

Bachelor Degree | 10 yrs exp | English | AWS | Azure | Cloud | Cyber Security | Google Cloud Platform | Kubernetes | Python | SDLC | Go

Job Description

  • Develop and execute a multi-year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research.
  • Design and lead full-scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities.
  • Oversee the end-to-end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting.
  • Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks.
  • Translate complex technical findings into actionable business risk assessments for C-suite executives and Board members.
  • Recruit, retain, and develop a high-performing team of offensive security engineers, providing technical guidance and career coaching.
  • Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively.
  • Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency.
  • Conduct specialized threat modeling for AI-native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems).
  • Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters.
  • Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI-DSS).
  • Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real-world TTPs (Tactics, Techniques, and Procedures).
  • Manage relationships and quality control for external security consultancy firms performing third-party penetration tests.
  • Encourage and lead research into emerging technologies to identify future attack vectors.
  • Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments.

Job Requirements

  • Minimum of 10+ years in cybersecurity, with at least 5 years specifically in offensive security roles and 2+ years in a leadership or management capacity.
  • Deep knowledge of security frameworks like the MITRE ATT&CK framework, Cyber Kill Chain, and advanced exploitation techniques (e.g., AD, cloud, and application attacks).
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN, or similar.
  • Proficient in attacking and defending diverse environments including AWS/Azure/GCP, Kubernetes, and hybrid-cloud architectures.
  • Proven experience in automating red teaming for GenAI and proficiency in using AI offensive tools like PyRIT, Promptfoo, Xbow, or Counterfit to build and stage AI-powered attacks.
  • Advanced experience with red team and penetration testing tools such as Cobalt Strike, Burp Suite Pro, Metasploit, BloodHound, and Sliver.
  • Strong ability to code or script in Python, PowerShell, Go, or C++ for exploit development and task automation.
  • Proven ability to connect individual vulnerabilities into complex attack chains that demonstrate significant business impact.
  • A flawless record of ethical conduct and the ability to handle extremely sensitive access and information with total discretion.

Benefits

  • Competitive pay
  • Generous time off
  • Ample parental and wellness leave
  • Healthcare
  • A retirement savings program
  • This role may be eligible to participate in Twilio’s equity plan and corporate bonus plan.
  • All roles are generally eligible for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.
