Staff Analyst, Technical Security Risk

Twilio
Summary
Join Twilio as our next Staff Analyst, Technical Security Risk and drive security risk assessments, collaborate with engineering teams, and enhance our technical risk posture. This role requires security engineering expertise to evaluate risks in cloud environments, infrastructure, applications, and security controls. You will lead technical security risk assessments, partner with R&D to assess risks, evaluate and implement automated security tools, and develop threat modeling frameworks. The role also involves assessing security controls, using data analytics, defining risk treatment plans, and developing reports and presentations. Success requires 5+ years of experience in security engineering and a strong understanding of network security, cloud security, and secure coding practices. The position is remote, based in Alberta, Ontario, or British Columbia, Canada.
Requirements
- 5+ years of experience in security engineering, security architecture, or technical security risk assessment
- Strong understanding of network security, cloud security (AWS, GCP, Azure), identity & access management (IAM), and secure coding practices
- Experience with threat modeling, security control evaluations, security risk quantification, and conducting risk assessments to identify, prioritize, and implement effective risk treatment strategies
- Proficiency in security risk frameworks, security automation and tooling
- Hands-on experience implementing security frameworks like MITRE ATT&CK, NIST 800, CIS Benchmarks
- Ability to work cross-functionally with engineering, security, and compliance teams to improve risk posture
- Excellent verbal and written communication skills, with the ability to translate technical risks into business impact
Responsibilities
- Lead technical security risk assessments across infrastructure, cloud, and applications, applying a risk-based approach to prioritize findings and drive actionable mitigation strategies aligned with business objectives
- Partner with R&D to assess risks in architecture, infrastructure, and SDLC, providing security guidance in Agile and DevSecOps to ensure security by design and compliance
- Evaluate and implement automated security tools to identify and mitigate risks at scale and drive meaningful mitigation
- Develop and refine threat modeling frameworks, leveraging industry standards like STRIDE, PASTA, and MITRE ATT&CK to strengthen risk management and align with our risk landscape
- Assess the effectiveness of security controls and recommend improvements based on penetration testing, vulnerability scans, and attack surface management, collaborating cross-functionally to ensure actionable and sustainable remediation
- Use data analytics and risk modeling to assess security risks, translating insights into business terms to guide executive decision-making
- Define and prioritize risk treatment plans, working with stakeholders to implement mitigating controls and risk reduction strategies while maintaining a clear risk register to ensure timely mitigation and escalation of high-impact risks
- Develop reports and presentations that translate technical risks into actionable insights for leadership, and communicate effectively with both technical teams and non-technical executives to simplify complex risk scenarios
- Partner with internal teams to align on security best practices and mitigate identified risks while acting as a security advocate to ensure security is an enabler, not a blocker
Preferred Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or a related field
- Industry certifications such as CISSP, GCP, AWS, CRISC, CCSP
- Previous experience conducting technical risk reviews for software products and cloud environments
Benefits
- Competitive pay
- Generous time-off
- Ample parental and wellness leave
- Healthcare
- A retirement savings program
