Staff Engineer, AI Security

See yourself at Twilio

Join the team as Twilio’s next Staff Engineer, AI Security.

About the job

As a Staff Engineer, AI Security on the AppSec team, you’ll lead autonomous defense for the AI lifecycle. Build multi-agent frameworks and secure gateways while integrating real-time security gates and identity standards. By mentoring Security and R&D to define the MLSecOps roadmap, you’ll ensure a "secure-by-default" future for agentic workflows and resilient AI innovation.

Responsibilities

In this role, you’ll:

• Serve as the primary subject matter expert for all AI and machine learning security initiatives across security and R&D.
• Design and manage AI gateways to provide a centralized control plane for authentication and authorization and rate limiting across all model and tool interactions.
• Build and maintain an autonomous security agentic framework that utilizes multi agent orchestration for end to end investigation and alert triage and remediation.
• Develop agentic identity models using OAuth 2.1 to propagate identity across trust boundaries and prevent the confused deputy problem.
• Help govern the AI augmented software development lifecycle by integrating real time security gates into the developer environment and CI/CD pipeline.
• Manage Agentic Security Solutions that secure AI lifecycle and manage AI workloads at runtime. 
• Author company wide AI security standards and implement these security checks across Twilio’s stack
• Implement human in the loop checkpoints and transactional safety protocols for high impact or destructive agentic actions.
• Partner with engineering leadership to set the long term roadmap for identity centric security and automated posture management.
• Act as a knowledge multiplier by mentoring security engineers and developing secure by default paved road templates for R&D teams 

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 8+ years of experience in security engineering with at least 3 years focused on AI or machine learning security operations (MLSecOps).
• Expertise in orchestrating multi-agent systems with AWS Strands, LangGraph, and CrewAI, specializing in runtime isolation, PII redaction, and defending against indirect prompt injection in agentic environments.
• Hands-on experience with AI-specific frameworks (e.g., MITRE ATLAS, MAESTRO, OWASP Top 10 for LLMs/Agents/MCP) to threat model and defend against a wide spectrum of risks, including direct/indirect prompt injection, training data poisoning, tool poisoning, and