Senior Manager of Offensive Security
Listed on 2026-03-14
IT/Tech
Cybersecurity, IT Consultant
At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.
Our dedication to remote‑first work and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant team with diverse experiences making a global impact each day.
About the job
As the Senior Manager of Offensive Security and Red Teaming, you will lead an elite team of ethical hackers and security penetration testers dedicated to proactively uncovering and mitigating vulnerabilities across the enterprise and our products. You are a technical expert and a strategic leader. You will design and oversee sophisticated adversary emulation exercises that challenge our defenses, ensuring that our security team and overall security posture are prepared for real‑world threats.
Responsibilities
- Strategic Leadership: Develop and execute a multi‑year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research.
- Adversary Emulation: Design and lead full‑scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities.
- Program Management: Oversee the end‑to‑end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting.
- Purple Teaming: Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks.
- Executive Communication: Translate complex technical findings into actionable business risk assessments for C‑suite executives and Board members.
- Team Mentorship: Recruit, retain, and develop a high‑performing team of offensive security engineers, providing technical guidance and career coaching.
- Vulnerability Management Integration: Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively.
- Tooling & Automation: Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency.
- Adversarial AI Testing: Conduct specialized threat modeling for AI‑native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems).
- AI Attacks and Mitigations: Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters.
- Regulatory Compliance: Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI‑DSS).
- Threat Intelligence Integration: Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real‑world TTPs (Tactics, Techniques, and Procedures).
- Third‑Party Oversight: Manage relationships and quality control for external security consultancy firms performing third‑party penetration tests.
- Research & Development: Encourage and lead research into emerging technologies to identify future attack vectors.
- Cross‑Functional Collaboration: Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments.
- Experience: Minimum of 10+ years in cybersecurity, with at least 5 years specifically in offensive security roles and 2+ years in a leadership or management capacity.
- Technical Expertise: Deep knowledge of security frameworks like the MITRE ATT&CK framework, Cyber Kill Chain, and advanced exploitation techniques (e.g., AD, cloud, and application attacks).
- Certifications: Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar.
- Infrastructure Knowledge: Proficient in attacking and defending diverse environments including AWS/Azure/GCP, Kubernetes, and hybrid‑cloud architectures.
- Hands‑on AI Testing: Proven experience in automating red teaming for GenAI and proficiency in using AI offensive tools like PyRIT, Promptfoo, Xbow or…