The cloud ☁️ of choice for developers, startups, and growing digital businesses around the world.
Principal Engineer – Security Products, Security Visibility
Location
Massachusetts
Posted
8 days ago
Salary
$235.2K - $294K / year
Seniority
Lead
Job Description
DigitalOcean
• Define and drive the multi-year technical roadmap for Audit Logging, SIEM Integration, and Unified Security Visibility
• Design fault-tolerant, high-throughput audit and telemetry pipelines in Go
• Architect the Unified Security Dashboard
• Design and deliver integrations with leading SIEM platforms
• Lead the redesign of DigitalOcean's audit log infrastructure
• Partner with IAM, Threat Detection, DOKS, Billing, and Platform Engineering
• Establish logging schema standards, event taxonomy, and observability engineering practices
• Mentor and develop senior and mid-level engineers
Job Requirements
- Over 10 years of software engineering expertise
- 4+ years dedicated to audit logging, security telemetry, SIEM integration, or managing high-throughput data pipelines
- Expertise in Go and extensive experience designing gRPC-based microservices
- Deep knowledge of Apache Flink, Apache Kafka, or similar high-volume stream processing frameworks
- Proven history of developing security visibility platforms
- Understanding of audit requirements for frameworks like SOC 2, ISO 27001, FedRAMP, and PCI-DSS
- Proficient with Kubernetes, Terraform (IaC), SQL (MySQL), and analytical or columnar data stores
- Track record of leading ambiguous, cross-functional platform initiatives
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development
- Bonuses
- Stock options
More Security Engineer Jobs
Information Systems Security Officer (ISSO)
Msccn
We're a global leader in providing energy solutions that help businesses grow and communities thrive. We work as a team and we’re proud of the difference we make to customers, to local communities, and towards a sustainable future for the world.
Role Description
Step into a role where you can make a significant impact on the security posture of Department of Defense (DoD) information systems. As a Security Authorization Expert, you will:
- Own the day-to-day security authorization posture of assigned DoD information systems.
- Work within a well-resourced team with dedicated engineering, operations, and architecture support.
- Develop expertise in modern RMF tooling including eMASS and eMASSer automation.
- Directly support mission continuity by managing ATO packages and continuous monitoring programs.
- Grow into a senior GRC role with clear advancement pathways.
Responsibilities:
- Develop, maintain, and update System Security Plans (SSPs) for assigned systems.
- Manage Plans of Action & Milestones (POA&Ms) from identification through remediation and closure.
- Compile and submit Authorization to Operate (ATO) packages.
- Conduct continuous monitoring activities per established strategy.
- Utilize eMASS for GRC management and RMF workflow tracking.
- Coordinate with Information System Security Engineers (ISSEs) and Security Operations (SecOps) to validate control implementations.
- Develop Security Assessment Plans (SAPs) and support Security Assessment Report (SAR) coordination.
- Draft supply chain risk management plans.
- Support the Cybersecurity Architect with RMF strategic planning.
Qualifications
- Active Secret or Top Secret clearance.
- 3–5 years of RMF/ATO experience within DoD or federal environments.
- Hands-on experience with eMASS.
- Working knowledge of NIST SP 800-53r5 and DoD RMF processes.
- Demonstrated ability to independently author SSPs and manage POA&Ms.
Requirements
- Required Certification: DoD 8140.03M DCWF Basic tier certification — CEH.
- Education: DoD 8140 Interim Education Options.
- Desired Certification: DoD 8140.03M DCWF Intermediate tier certification — one of: CEH(P), RCCE Level 1, Cloud+, CPTE, FITSP-A, GCED, GCIH, GCSA, GICSP, GSEC, PenTest+, or Security+.
- Desired Education: Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering.
- Desired: Experience with eMASSer or similar RMF automation tooling.
- Exposure to cloud-hosted or hybrid system authorization boundaries.
- Familiarity with the DoD RMF Knowledge Service.
Benefits
- Competitive compensation.
- Healthcare benefits.
- Wellness programs.
- Financial benefits.
- Retirement plans.
- Family support.
- Continuing education opportunities.
- Time off benefits.
Facility Security Officer
Slingshot Aerospace
We build space simulation and analytics solutions to bring clarity to complex environments and create a safer world.
• Lead all facility-related responsibilities and security operations across the organization
• Oversee facility management, leasing, and compliance
• Manage personnel clearances, secure facilities, and physical security programs
• Ensure compliance with all government security requirements and regulations
• Conduct regular security assessments and implement improvements
Lead IT Security Engineer
Make-A-Wish America
Together, we create life-changing wishes for children with critical illnesses.
• Expertise in designing secure networks, systems, and application architectures
• Manage/implement design, installation, configuration, setup, testing, troubleshooting, documentation of security solutions including IAM, endpoint security, firewalls, email security, content filtering and security awareness.
• Proficient with networks, systems, applications, and cloud security
• Proficiency with risk assessment and vulnerability scanning tools, technologies, and methods
• Escalation point for security-related incidents
• Proactively report possible threats and/or vulnerabilities
• Proactively research weaknesses and find ways to counter them
• Find cost-effective solutions to cybersecurity problems
• Information Technology Security representative on IT projects to provide security advice, expertise, and recommendations
• Conduct security awareness training
• Planning, researching, and developing security policies, standards and procedures
• Ensure the tuning and effectiveness of security tools deployed across the environment
• Work closely with our Managed Security Services Provider (MSSP) and IT teams to review alerts and investigate security incidents
• 24/7 Availability for Identity & Access Management, Security Incident Response and Escalation
• Performs other related job duties, as assigned
• Partner with Security Compliance Regulatory Affairs to execute a unified security regulatory strategy that balances long-term global trends with Twilio’s immediate operational needs.
• Monitor, identify, and prioritize new and evolving cybersecurity regulations (including telecom-specific mandates); translate complex requirements into actionable business impacts.
• Manage weekly compliance-focused operating rhythm, triaging regulatory developments and escalating critical security risks to senior leadership.
• In partnership with cyber legal counsel, define the "scope of applicability" for new regulations to ensure Twilio’s responses and decisions are precise, efficient, and aligned with how we actually build products.
• Collaborate with Go-To-Market teams to leverage Twilio’s security compliance posture as a differentiator, identifying opportunities to drive revenue through trust.
• Project manage non-security stakeholders to ensure the timely collection of evidence, support, and information required for successful regulatory filings and audits, working closely with the Security Compliance Regulatory Affairs team to facilitate and align on response.



