Security Engineer

At Talkdesk, we are courageous innovators focused on redefining customer experience, making the impossible possible for companies globally. We champion an inclusive and diverse culture representative of the communities in which we live and serve. And, we give back to our community by volunteering our time, supporting non-profits and minimizing our global footprint. Each day, thousands of employees, customers and partners all over the world trust Talkdesk to deliver a better way to great experiences. 

We are recognized as a cloud contact center leader by many of the most influential research organizations, including Gartner and Forrester. With $498 million in total funding, a valuation of more than $10 Billion, and a ranking of #17 on the Forbes Cloud 100 list, now is the time to be part of the Talkdesk legacy to help accelerate our success in a new decade of transformational growth.

Our Engineering team follows a micro-service architecture approach to build the next generation of Talkdesk, with vertical teams responsible for all the decisions under their services. Through our Agile Coaches, we promote agile and collaborative practices, we are huge fans of Scrum, pair programming and we won’t let a single line of code reach production without peer code reviews. We strongly believe that the only true authority stems from knowledge, not from position and we always treat others with respect, deference and patience.

Are you passionate about all things security? As a member of the Engineering Security Team at Talkdesk you will help on the team effort of building a safer Talkdesk. 
We have several openings on our team. Depending on your profile, some of your responsibilities can include:

• Audit applications and systems, through penetration testing and vulnerability management
• Propose remediation measures and help with their adoption
• Provide security guidance through the development lifecycle and help maintain and improve our Secure Software Development Life Cycle
• Be a security subject-matter expert (SME) and help development teams with their security needs
• Perform threat modelling (e.g., using STRIDE)
• Provide internal security training sessions, focused in the engineering users
• Develop tools to automate security tasks
• Implement mechanisms to identify security threats (IOCs and TTPs) in the environment
• Monitor alerts and escalate issues as needed
• Work in conjunction with other teams in incident response activities
• Develop security standards and practices
• Recommend security enhancements to existing processes and tools
• Develop, maintain, configure, and troubleshoot (as needed) SIEM tools
• Collaborate with key stakeholders to gather security requirements and ensure implementation
• Report findings to management
• Provide operational support of various security technologies
• Work closely with all teams to improve the overall security posture of Talkdesk

Must have

• Knowledge in applications and systems security
• Knowledge in distributed computing principles 
• Knowledge in cryptographic concepts
• Knowledge of networking and web protocols
• Experience with security tools
• Coding experience in one or more general-purpose languages (e.g., Java, Ruby, Python)
• Understanding of OWASP Top 10 security flaws
• Linux/Unix proficiency
• Excellent written, verbal, and conversational communication skills
• Fluent in English, both verbal and written
• Critical thinking skills and the ability to solve problems as they arise
• Comfortable working in a fast-paced environment

Nice to have:

• Experience with Infrastructure as Code (Terraform and / or Ansible preferred)
• Experience with common infrastructure cloud providers
• Familiarity with Git, Ruby, Elixir, RabbitMQ, Redis, MongoDB, PostgreSQL
• Experience in conducting security tests in web and mobile applications
• Experience with malware detection and analysis
• Experience with forensic analysis
• Experience with SIEM tools
• Experience with SAST / IAST / DAST tools
• Experience in application architecture security review
• Strong understanding of cybersecurity standards and frameworks, e.g., ISO27001, NIST, CIS, OWASP, SANS
• Reasonable Windows and Linux administration experience
• Certifications such as OSCP, CISM, CISSP, GSEC

The Talkdesk story hinges on empathy and acceptance. It is the shared goal among all Talkdeskers to empower a new kind of customer hero through our innovative software solution, and we firmly believe that the best path to success for our mission is inclusivity, diversity, and genuine acceptance. To that end, we will hire, promote, work along, cheer for, bond with, and warmly welcome into the Talkdesk family all persons without regard to ethnic and racial identity, indigenous heritage, national origin, religion, gender, gender identity, gender expression, sexual orientation, age, disability, marital status, veteran status, genetic information, or any other legally protected status.