Key skills
PythonJavaRubyKotlinAIMLAWSPostgreSQLMongoDBRedisGitRabbitMQCommunicationOWASPPenetration Testing
About this role
Talkdesk is pioneering a new era of Customer Experience Automation (CXA), redefining how the world’s most admired brands interact with their customers through AI. As a Security Engineer focused on Pentesting, Incident Response, and Security Investigations, you will play a key role in detecting, investigating, and preventing security incidents while proactively identifying weaknesses across our platforms and applications.
Responsibilities:
- Perform manual and automated penetration testing of web applications, APIs, cloud-based systems, and AI/ML models
- Conduct security assessments of AI-driven features, focusing on risks like prompt injection, data leakage, and adversarial attacks
- Conduct security investigations to identify root causes, attack paths, and impact of security incidents
- Lead or actively participate in incident response, including detection, containment, eradication, and post-incident reviews
- Analyze logs, telemetry, and forensic artifacts to support investigations and threat hunting activities
- Triage, validate, and prioritize findings from internal and external penetration tests
- Work closely with engineering teams to explain vulnerabilities, recommend pragmatic remediations, and verify fixes
- Support the development and improvement of incident response playbooks and processes
- Perform threat modeling (e.g., STRIDE) to identify realistic attack scenarios
- Continuously research emerging threats, attack techniques, and exploitation methods relevant to our environment, including the evolving AI threat landscape
- Act as a security subject-matter expert (SME) during incidents and high-risk technical discussions
- Help improve Talkdesk’s overall security posture through lessons learned and proactive testing
Requirements:
- Strong knowledge of application and systems security
- Solid understanding of web technologies, networking, and common attack vectors
- Practical experience with penetration testing tools and techniques
- Experience with the OWASP Top 10 for LLMs and common AI exploitation patterns
- Experience conducting security investigations and incident response
- Understanding of OWASP Top 10 and common exploitation patterns
- Knowledge of cryptographic concepts and their practical use (and misuse)
- Linux/Unix proficiency
- Experience analyzing logs and security events
- Scripting or coding experience in at least one general-purpose language (e.g., Python, Ruby, Java)
- Excellent written and verbal communication skills, with the ability to explain complex security issues clearly
- Fluent in English (written and spoken)
- Strong analytical and critical-thinking skills
- Comfortable working in fast-paced, sometimes high-pressure situations
- Experience testing cloud-native environments, especially AWS
- Familiarity with microservices architectures and API security
- Experience with web and mobile application security testing
- Exposure to DAST, SAST, or IAST tools (hands-on or triage-focused)
- Experience performing application architecture security reviews
- Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS, OWASP, SANS)
- Relevant certifications such as OSCP, OSWE, GSEC, GCIA, CISSP, or CISM
- Familiarity with technologies like Git, Ruby, Kotlin, RabbitMQ, Redis, MongoDB, or PostgreSQL