Twilio

Senior Manager – Offensive Security

full-time

Location Type: Remote

Location: California, Connecticut, United States

Salary

💰 $188,240 - $276,700 per year

About the role

  • Develop and execute a multi-year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research.
  • Design and lead full-scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities.
  • Oversee the end-to-end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting.
  • Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks.
  • Translate complex technical findings into actionable business risk assessments for C-suite executives and Board members.
  • Recruit, retain, and develop a high-performing team of offensive security engineers, providing technical guidance and career coaching.
  • Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively.
  • Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency.
  • Conduct specialized threat modeling for AI-native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems).
  • Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters.
  • Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI-DSS).
  • Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real-world TTPs (Tactics, Techniques, and Procedures).
  • Manage relationships and quality control for external security consultancy firms performing third-party penetration tests.
  • Encourage and lead research into emerging technologies to identify future attack vectors.
  • Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments.

Requirements

  • Minimum of 10+ years in cybersecurity, with at least 5 years specifically in offensive security roles and 2+ years in a leadership or management capacity.
  • Deep knowledge of security frameworks like the MITRE ATT&CK framework, Cyber Kill Chain, and advanced exploitation techniques (e.g., AD, cloud, and application attacks).
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN, or similar.
  • Proficient in attacking and defending diverse environments including AWS/Azure/GCP, Kubernetes, and hybrid-cloud architectures.
  • Proven experience in automating red teaming for GenAI and proficiency in using AI offensive tools like PyRIT, Promptfoo, Xbow, or Counterfit to build and stage AI-powered attacks.
  • Advanced experience with red team and penetration testing tools such as Cobalt Strike, Burp Suite Pro, Metasploit, BloodHound, and Sliver.
  • Strong ability to code or script in Python, PowerShell, Go, or C++ for exploit development and task automation.
  • Proven ability to connect individual vulnerabilities into complex attack chains that demonstrate significant business impact.
  • A flawless record of ethical conduct and the ability to handle extremely sensitive access and information with total discretion.

Benefits

  • Competitive pay
  • Generous time off
  • Ample parental and wellness leave
  • Healthcare
  • A retirement savings program
  • This role may be eligible to participate in Twilio’s equity plan and corporate bonus plan.
  • All roles are generally eligible for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.

Applicant Tracking System Keywords

Hard Skills & Tools
offensive security, red teaming, penetration testing, vulnerability research, threat modeling, exploit development, automating red teaming, coding in Python, scripting in PowerShell, scripting in Go
Soft Skills
leadership, team development, technical guidance, collaboration, communication, risk assessment, discretion, quality control
Certifications
OSCP, OSEP, OSWE, GXPN