Senior Engineer, Security Compliance Automation (Python)

📋 Description

• • Own and evolve Twilio’s security compliance automation platform, a Python-centric system that continuously monitors, evidences, and remediates controls across AWS, GCP, and Azure environments serving 250,000+ customer accounts.
• • Architect and extend the compliance-as-code framework that translates SOC 2, ISO 27001, PCI-DSS, FedRAMP, and HIPAA requirements into executable Python policies, reducing manual audit prep from weeks to minutes.
• • Build and maintain high-throughput data pipelines (Kafka, Kinesis, Snowflake) that ingest millions of security events per hour, normalize them into a unified schema, and score risk in real time using statistical models and rule engines.
• • Partner with Security, Engineering, Legal, and Internal Audit to translate regulatory changes into new automated checks within 48 hours of announcement, ensuring Twilio stays ahead of evolving compliance landscapes.
• • Lead threat-modeling sessions and design reviews to embed compliance controls early in the SDLC, eliminating late-cycle surprises and cutting remediation cost by 60%.
• • Develop self-service dashboards and APIs that give product teams instant visibility into their compliance posture, empowering them to fix gaps without opening tickets.
• • Implement drift-detection bots that reconcile infrastructure-as-code templates against live cloud resources, auto-creating Jira tickets and Slack alerts when deviations exceed risk thresholds.
• • Drive chaos-engineering experiments that validate the resilience of compliance tooling itself, ensuring the platform remains reliable during region-wide outages or traffic spikes.
• • Mentor junior engineers through pair programming, design docs, and brown-bag sessions, cultivating a culture of secure-by-default development across Twilio’s globally distributed workforce.
• • Contribute to open-source compliance projects (e.g., Cloud Custodian, OSCAL tooling) and represent Twilio at security conferences, amplifying our thought leadership in automated governance.
• • Optimize CI/CD pipelines (GitHub Actions, ArgoCD) to run 2,000+ policy unit tests in under five minutes, giving developers rapid feedback while maintaining strict separation of duties.
• • Establish SLOs and error budgets for the compliance platform, using Prometheus, Grafana, and PagerDuty to maintain 99.9% availability and sub-second evidence retrieval times.
• • Collaborate with finance and procurement to quantify cost savings from automation, translating technical wins into clear ROI narratives for executive stakeholders.
• • Champion privacy-by-design principles, ensuring that personal data minimization and encryption controls are enforced automatically across every microservice.
• • Continuously refactor legacy Ruby/Go compliance scripts into idiomatic, testable Python 3.11+ services, improving readability and cutting maintenance overhead by 40%.
• • Influence the broader Twilio engineering community by publishing internal tech blogs, running guild meetings, and creating reusable Terraform modules that embed compliance guardrails by default.