San Francisco, CA

Security Compliance Engineer


Twilio Security is looking for someone with enthusiasm and fresh ideas on how to automate and scale out our information security compliance program. Twilio has bold plans for security compliance, and this role is imperative for success.

You’ll be challenged to drive the implementation of our compliance automation framework. You’ll need to build strong relationships with our engineering teams and support their efforts to meet our compliance goals. You’ll devise creative methods for helping engineering teams build compliance controls into their stack without negatively impacting their ability to deliver rapid improvements to Twilio products. If you’re looking for a role that will have a huge impact on a company, look no further!


  • Lead the design, development and implementation of a compliance system to satisfy internal and external regulatory requirements.
  • Automate security compliance controls and evidence gathering over a large-scale cloud environment.
  • Measure the success of the security solutions towards compliance requirements with metrics and dashboards, continually improving the effectiveness of the overall security compliance capabilities.
  • Provide guidance on the implementation of legal and regulatory requirements derived from information security standards (e.g., ISO/IEC, NIST, PCI-DSS, HIPAA, CSA, SOC, etc.).
  • Understand complex problems easily and come up with simple, practical, reliable, and maintainable solutions.
  • Support customer and audit requests, as needed.

Skills Required:

  • Use your development skills to build, develop and maintain systems and platforms that make it easy to meet compliance requirements across many engineering teams, products, programming languages, etc.
  • 5+ years of experience in distributed systems, high availability, microservices.
  • 5+ years of hands-on experience developing tooling and RESTful services.
  • Functional knowledge of common security legal and regulatory requirements (e.g., ISO/IEC 27001, SOC1, SOC2, WebTrust, etc.) and ability to identify actionable and scalable solutions to gaps identified.
  • Experience with risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., PCI, SOC, HIPAA, HITRUST, HITECH, FedRAMP, NIST, ISO/IEC 2700X, COBIT, FFIEC, NERC CIP, etc.).
  • Experience interpreting requirements from those standards and helping teams implement technical controls to meet (and exceed) them.
  • Degree and/or experience in Management Information Systems, Information Security and/or Computer Science.
  • You have or are willing to obtain a certification such as: CISSP, CISA, CCSP, CCSK, CIPP, PMP, CRISC, CFCP, or CGEIT.

About us:

Twilio's mission is to fuel the future of communications. Developers and businesses use Twilio to make communications relevant and contextual by embedding messaging, voice and video capabilities directly into their software applications. Founded in 2008, Twilio has over 1000 employees, with headquarters in San Francisco and other offices in Bogotá, Dublin, Hong Kong, London, Madrid, Mountain View, Munich, New York City, Singapore and Tallinn.

Twilio is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status and operate in compliance with the San Francisco Fair Chance Ordinance.
