Security - Technical Program Manager

Seattle, WA

Responsibilities

As Twitter’s bug bounty leader, you will be responsible for ensuring the success of our program. You will leverage deep and practical knowledge in security and project management to ensure efficient and effective operations of Twitter’s bug bounty program.

What you’ll do:

  • Identifying, measuring, and executing on indicators of success for Twitter’s bug bounty program
  • Ensuring operational success of the program, including triage rotation to execute on key deliverables
  • Ensuring Twitter consistently meets SLAs such as:
      • response time to hackers on reported vulnerabilities
      • time to bounty after confirmation of the issue
      • time to remediation of reported vulnerabilities
  • Identifying and expanding the scope of the program
  • Accepting and incorporating feedback from (and developing a healthy relationship with) the bug bounty community
  • Leading vulnerability management efforts on issues identified via the program
  • Identifying and calibrating budget for the program
  • Working with executive leadership and other parts of to report on the results of program and ensure continued buy-in
  • Interfacing with and coordinating third-party triage services for front-line bug triage

Qualifications

You will meet most (but need not meet all) of the following points:

  • 2+ years of application security experience, with an understanding of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten)
  • 2+ years of security consulting experience
  • Outstanding communicator with empathy for researchers to strike the right balance. You need to be an advocate for friendly hackers, but also appropriately influence and push back when needed to help hackers be successful.
  • Ability to take feedback from hackers and translate to action items for our bug bounty team
  • Extremely organized with strong project management experience
  • Detail oriented, results driven, fast learner
  • A strong sense of urgency and bias for action
  • A passion for solving problems, both for hackers and internal teams at
  • A great team player

Ideal candidate will meet several of the following:

  • Vulnerability assessment experience
  • Penetration testing and code review
  • Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
  • Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
  • Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
  • Program/Project management experience (Strongly preferred)

Engineering Hiring Process

Step 1

Once your application is received, a recruiter will reach out if your qualifications are a match for the role.

Step 2

If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.

Step 3

If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people held onsite in our office.

U.S. Equal Employment Opportunity Information (Completion is Voluntary)

At Twitter, we have a bold aspiration to reach every person on the planet. We believe that goal is more attainable with a team that understands and represents different cultures and backgrounds and we are committed to an inclusive and diverse Twitter.

This is where you come in! Please take a few minutes to provide us with your information. You are not required to provide this information and you may select “Decline to Disclose”. Your decision to provide information (or not) will not affect your employment or opportunities at Twitter.

Twitter is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.

You can view the ‘EEO is the Law’ poster here.

Twitter does not accept any unsolicited resumes from recruiting agencies and will not pay fees associated with any such resumes. Agencies, please do not send resumes to any Twitter location, employee, or email address.

Twitter, Inc. is committed to working with and providing access and reasonable accommodations to applicants with physical or mental disabilities. If you need an accommodation in order to apply for open job opportunities, please submit a description of your accommodation request to RARequest-Recruiting@twitter.com. This email is only for accommodation requests related to the application process.

Twitter cares about your privacy and protecting your data. Please click the privacy policy link and acknowledge you have read and understood how Twitter treats your privacy and your data.

Would you like to receive email communication from Twitter about career opportunities? You may unsubscribe at any time.
Applicant Data - You have a choice. Can we keep your personal data for both the job you are applying for and any other Twitter jobs that we feel you may be a match for? If you choose yes we will retain your personal data for a period of twelve months to consider you for other job opportunities at Twitter.
Analytics - May we use personal data from your resume and application to analyze and improve the Twitter hiring experience?