Senior Software Security Engineer

At Talkdesk, we are courageous innovators focused on redefining customer experience, making the impossible possible for companies globally. We champion an inclusive and diverse culture representative of the communities in which we live and serve. And, we give back to our community by volunteering our time, supporting non-profits and minimizing our global footprint. Each day, thousands of employees, customers and partners all over the world trust Talkdesk to deliver a better way to great experiences.

At Talkdesk, our Engineering team follows a micro-service architecture approach to build the next generation of Talkdesk, with vertical teams responsible for all the decisions under their services. Through our Agile Coaches, we promote agile and collaborative practices, we are huge fans of Scrum, pair programming and we won’t let a single line of code reach production without peer code reviews. We strongly believe that the only true authority stems from knowledge, not from position and we always treat others with respect, deference and patience.

Are you passionate about all things security? As a member of the Security Engineering Team at Talkdesk you will help on the team effort of building a safer Talkdesk.

Depending on your profile, some of your responsibilities can include :

Provide extensive support regarding vulnerability management, including mitigation advice to development teams

Provide technical support to development teams in finding patching strategies

Provide security guidance through the infrastructure and development lifecycle and help maintain and improve our Secure Software Development Life Cycle

Be a security subject-matter expert (SME) and help development teams with their security needs

Develop security standards and practices

Perform threat modeling (e.g., using STRIDE)

Recommend security enhancements to existing processes and tools

Collaborate with key stakeholders to gather security requirements and ensure implementation

Provide operational support of various security technologies

Work closely with all teams to improve the overall security posture of Talkdesk

Perform pentests and / or help manage findings from external pentests

Approach unknown security topics,define and implement a way forward

Must have :

At least 5 years of experience in application security with hands-on experience with SAST, DAST and SCA tooling

Experience integrating security testing into CI / CD pipelines

Familiarity with IaaC tooling and methodology (Terraform, Ansible, ArgoCD)

Strong experience acting as a technical vulnerability management specialist and security advisor

Strong experience working with OWASP TOP 10, CVE, CWE and other vulnerability taxonomy, implementing technical mitigationsCoding experience in one or more general-purpose languages (e.g., Java, Ruby, Python)

Experience with other secure development security tools

Experience in application architecture security review

Strong experience with securing coding practices and secure coding standards

Knowledge in applications and systems security

Knowledge in cryptographic concepts and their applications

Knowledge of networking and web protocols

Understanding of cybersecurity standards and frameworks, e.g., ISO27001, NIST, CIS, OWASP, SANS

Linux / Unix proficiency

Excellent written, verbal, and conversational communication skills

Strong stakeholder management skills to effectively convey security risks and remediation to technical and non technical audiences

Fluent in English, both verbal and written

Critical thinking skills and the ability to solve problems as they arise

Comfortable working in a fast-paced environment

Nice to have :

Familiarity with Git, Ruby, Kotlin, RabbitMQ, Redis, MongoDB, PostgreSQL

Experience in conducting security tests in web and mobile applications

Experience with AI security

Knowledge and familiarity of rating vulnerabilities using CVSS 3.0 & 4.0

Prior experience working as DevOps and / or Software Engineer

Prior experience handling security incidents

Certifications such as OSCP, CISM, CISSP, GSEC