Security Engineer II

Responsibilities

• Depending on your profile and experience, your responsibilities may include:
• Perform manual and automated penetration testing of web applications, APIs, cloud-based systems, and AI/ML models .
• Triage, validate, and prioritize findings from internal and external penetration tests.
• Work closely with engineering teams to explain vulnerabilities, recommend pragmatic remediations, and verify fixes.
• Support the development and improvement of incident response playbooks and processes.
• Perform threat modeling (e.g., STRIDE) to identify realistic attack scenarios.
• Continuously research emerging threats, attack techniques, and exploitation methods relevant to our environment, including the evolving AI threat landscape.
• Act as a security subject-matter expert (SME) during incidents and high-risk technical discussions.
• Help improve Talkdesk's overall security posture through lessons learned and proactive testing.

Requirements

• Strong knowledge of application and systems securitySolid understanding of web technologies, networking, and common attack vectorsPractical experience with penetration testing tools and techniques
• Experience with the OWASP Top 10 for LLMs and common AI exploitation patterns
• Experience conducting security investigations and incident responseUnderstanding of OWASP Top 10 and common exploitation patterns
• Knowledge of cryptographic concepts and their practical use (and misuse)
• Linux/Unix proficiency
• Experience analyzing logs and security events
• Scripting or coding experience in at least one general-purpose language (e.g., Python, Ruby, Java)
• Excellent written and verbal communication skills, with the ability to explain complex security issues clearly
• Fluent in English (written and spoken)
• Strong analytical and critical-thinking skills
• Comfortable working in fast-paced, sometimes high-pressure situations
• Experience testing cloud-native environments, especially AWS
• Familiarity with microservices architectures and API security
• Experience with web and mobile application security testing
• Exposure to DAST, SAST, or IAST tools (hands-on or triage-focused)
• Experience performing application architecture security reviews
• Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS, OWASP, SANS)
• Relevant certifications such as OSCP, OSWE, GSEC, GCIA, CISSP, or CISM
• Familiarity with technologies like Git, Ruby, Kotlin, RabbitMQ, Redis, MongoDB, or PostgreSQL
• Talkdesk has been recognized as a Leader in the Gartner® Magic Quadrant™ for Contact Center as a Service (CCaaS) and in the G2 Overall Grid® Repo

Benefits

Additional Information

Security Engineer (Pentesting, Incident Response & Investigations) At Talkdesk, we are courageous innovators focused on redefining customer experience, making the impossible possible for companies globally. We champion an inclusive and diverse culture representative of the communities in which we live and serve. We give back to our community by volunteering our time, supporting non-profits, and minimizing our global footprint. Each day, thousands of employees, customers, and partners around the world trust Talkdesk to deliver a better way to great experiences. Our Engineering teams follow a micro-service architecture approach to build the next generation of Talkdesk, with autonomous vertical teams owning their services end to end. We promote agile and collaborative practices, value peer reviews, and believe that true authority comes from knowledge, not position. Respect, curiosity, and continuous learning are core to how we work. Are you passionate about breaking things to make them safer? As a Security Engineer focused on Pentesting, Incident Response, and Security Investigations, you will play a key role in detecting, investigating, and preventing security incidents while proactively identifying weaknesses across our platforms and applications.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at talkdesk2? Share your experience