Senior Security Engineer

About The Position

Requirements

• Strong knowledge of application and systems security.
• Solid understanding of web technologies, networking, and common attack vectors.
• Practical experience with penetration testing tools and techniques
• Experience with the OWASP Top 10 for LLMs and common AI exploitation patterns
• Experience conducting security investigations and incident response
• Understanding of OWASP Top 10 and common exploitation patterns
• Knowledge of cryptographic concepts and their practical use (and misuse)
• Linux/Unix proficiency
• Experience analyzing logs and security events
• Scripting or coding experience in at least one general-purpose language (e.g., Python, Ruby, Java)
• Excellent written and verbal communication skills, with the ability to explain complex security issues clearly
• Fluent in English (written and spoken)
• Strong analytical and critical-thinking skills
• Comfortable working in fast-paced, sometimes high-pressure situations

Nice To Haves

• Experience testing cloud-native environments, especially AWS
• Familiarity with microservices architectures and API security
• Experience with web and mobile application security testing
• Exposure to DAST, SAST, or IAST tools (hands-on or triage-focused)
• Experience performing application architecture security reviews
• Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS, OWASP, SANS)
• Relevant certifications such as OSCP, OSWE, GSEC, GCIA, CISSP, or CISM
• Familiarity with technologies like Git, Ruby, Kotlin, RabbitMQ, Redis, MongoDB, or PostgreSQL

Responsibilities

• Perform manual and automated penetration testing of web applications, APIs, cloud-based systems, and AI/ML models.
• Conduct security assessments of AI-driven features, focusing on risks like prompt injection, data leakage, and adversarial attacks.
• Conduct security investigations to identify root causes, attack paths, and impact of security incidents.
• Lead or actively participate in incident response, including detection, containment, eradication, and post-incident reviews.
• Analyze logs, telemetry, and forensic artifacts to support investigations and threat hunting activities.
• Triage, validate, and prioritize findings from internal and external penetration tests.
• Work closely with engineering teams to explain vulnerabilities, recommend pragmatic remediations, and verify fixes.
• Support the development and improvement of incident response playbooks and processes.
• Perform threat modeling (e.g., STRIDE) to identify realistic attack scenarios.
• Continuously research emerging threats, attack techniques, and exploitation methods relevant to our environment, including the evolving AI threat landscape.
• Act as a security subject-matter expert (SME) during incidents and high-risk technical discussions.
• Help improve Talkdesk’s overall security posture through lessons learned and proactive testing.

Benefits

• Medical, Dental, Vision, Life and Disability Insurance, Employee Assistance Program (EAP).
• 401(k) plan
• Uncapped paid time off program for exempt employees and an accrual-based program for non-exempt employees; both are subject to manager approval and consistent with business needs.
• 14 paid holidays each year.
• Exempt employees have uncapped paid time off and non-exempt sick leave follows accrual standards; both are subject to manager approval and consistent with business needs.