Application Security Engineer

Seattle, WA
Who We Are

The Information Security (InfoSec) team is a blend of security engineers and security-focused software engineers helping ensure Twitter builds and maintains secure software. In addition we consult, develop tooling, and advocate and train engineers throughout the SDLC to ensure security is prioritized at each step of development.

What You’ll Do

As a Security Engineer, you'll join a team of talented security engineers working to reduce risk across the company. We work as consultants across the organization to identify risk and impact to the company, and communicate that impact to teams and management. We identify recurring classes of security problems, find the root cause, and develop generalized solutions. We strive to advocate and teach security to engineers. Additionally, you will assist with third-party security assessments and Twitter’s vulnerability rewards program. You will be responsible for helping remove friction in the security ecosystem via automation and tooling for teams.

Who You Are

The ideal individual has both application security expertise and development experience. They will have in-depth knowledge of application security and can identify potential risks in code or in deployed applications. They should also have experience with threat modeling and providing security guidance to development teams. You recognize the importance of building security solutions that scale and adapt to changing business requirements. You enjoy advocating security by writing papers, giving talks, or hosting educational sessions for developers.

  • Undergraduate degree or equivalent; music composition degree preferred.
  • 4+ years of relevant experience.
  • Experience building tools and processes to reliably identify security issues and logic flaws across large code bases.
  • Experience with microservice architectures, or large distributed systems.
  • Expertise with browser security controls and web application security best practices.
  • Software development experience with two or more of: Java, Python, JavaScript, Scala, Go, or Ruby.
  • Experience working with operational or DevOps teams.
  • Knowledge of unique security risks and capabilities with IaaS, PaaS, and SaaS.
  • Experience communicating security concerns and issues to non-technical audiences.

We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected status.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Hiring Process

Step 1

After you apply, a recruiter may reach out to you for an introductory call.

Step 2

If your background is a match for the role, you may phone interview with 1-2 people.

Step 3

If you continue through the process, you will come onsite 1-2 times to interview with a total of 5-10 people.


Personal Information

This field is required.
This field is required.
This field is required.
This field is required.
Required field. PDFs only; max file size is 1MB.
Required field. PDFs only; max file size is 1MB.

U.S. Equal Opportunity Employment Information  (Completion is Voluntary)

At Twitter, we have a bold aspiration to reach every person on the planet. We believe that goal is more attainable with a team that understands and represents different cultures and backgrounds and we are committed to an inclusive and diverse Twitter.

This is where you come in! Please take a few minutes to provide us with your information. You are not required to provide this information and you may select “Decline to Disclose”. Your decision to provide information (or not) will not affect your employment or opportunities at Twitter.

Twitter is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.

You can view the ‘EEO is the Law’ poster here.

Twitter does not accept any unsolicited resumes from recruiting agencies and will not pay fees associated with any such resumes. Agencies, please do not send resumes to any Twitter location, employee, or email address.

Twitter, Inc. is committed to working with and providing access and reasonable accommodations to applicants with physical or mental disabilities. If you need an accommodation in order to apply for open job opportunities, please submit a description of your accommodation request to This email is only for accommodation requests related to the application process.

Twitter cares about your privacy and protecting your data.  Please click the privacy policy link and acknowledge you have read and understood how Twitter treats your privacy and your data.  

Would you like to receive email communication from Twitter about career opportunities? You may unsubscribe at any time.
Applicant Data - You have a choice. Can we keep your personal data for both the job you are applying for and any other Twitter jobs that we feel you may be a match for? If you choose yes we will retain your personal data for a period of twelve months to consider you for other job opportunities at Twitter.
Analytics - May we use personal data from your resume and application to analyze and improve the Twitter hiring experience.
Thanks for applying!
Submission failed. Please make sure all fields are correctly formatted.

Don't see the right fit?

Check out other opportunities at Twitter.