

Principal Security Engineer
Job Description
We are seeking a battle-hardened Principal Security Engineer to lead our technical offensive and defensive strategies. This is not a policy-writing role; it is an extremely hands-on position designed for an engineer who thrives on breaking complex systems, building custom security tooling, and securing the next generation of AI-driven applications. You will be the technical authority for Application Security, Penetration Testing, and Cloud infrastructure, with a specialized focus on the security lifecycle of Large Language Models (LLMs) and AI integrations.
Key Responsibilities
1. Advanced AppSec & Offensive Security
- Deep-Dive Pentesting: Conduct sophisticated manual penetration tests across web applications, APIs, and microservices architecture.
- Exploit Development: Go beyond automated scanners to identify logic flaws and develop Proof-of-Concept (PoC) exploits to demonstrate business risk.
- Secure Code Review: Build and contribute to agents that perform line-by-line analysis of critical code paths in Go, Python, Java or others to identify vulnerabilities so they get remediated before they reach production.
- Remediation Engineering: Partner directly with engineering teams and their agents to write and push code fixes, ensuring vulnerabilities are closed, not just reported.
2. AI Development, Security & Audit
- LLM Security: Design and implement defenses against Prompt Injection, Data Poisoning, and Model Inversion attacks.
- AI Red Teaming: Adversarially test our internal AI agents and customer-facing LLM features.
- Audit & Governance: Establish technical audit frameworks for AI model training data, bias detection, and output safety.
- Tooling: Build custom agents to automate the security testing of web apps, APIs, AI pipelines and vector databases, among others.
3. Cloud Security & Infrastructure as Code
- Hardening: Secure AWS/GCP/Azure environments with a focus on IAM least privilege and container security (Kubernetes).
- Automated Guardrails: Develop agents and OPA (Open Policy Agent) policies / Terraform Sentinels to prevent insecure infrastructure deployments.
- Cross-Functional Tooling: Build and maintain a unified security "mesh" that integrates AppSec signals with Cloud logging (SIEM/SOAR).
4. Technical Leadership
- Act as the "Security Architect of Record" for high-impact cross-functional projects.
- Mentor senior engineers and foster a culture of "Security by Design" across the organization.
Nice to haves
- Contributions to open-source security tools or AI security research.
- Relevant certifications: OSCP/OSWE, AWS Certified Security, or specialized AI/ML credentials.
- Experience building custom Security Orchestration, Automation, and Response (SOAR) workflows.
Talkdesk is pioneering a new era of Customer Experience Automation (CXA), redefining how the world’s most admired brands interact with their customers through AI. Our global team of courageous innovators is customer-obsessed, building AI-first solutions that put empathy, trust, and transparency at the center of every interaction. We foster an inclusive culture where diverse perspectives drive our success and every voice belongs. Combining the stability of a global leader with the agility of a disruptor, Talkdeskers are empowered with the autonomy to drive meaningful impact, while giving back to the communities and environment around us.
Talkdesk has been recognized as a Leader in the Gartner® Magic Quadrant™ for Contact Center as a Service (CCaaS) and in the G2 Overall Grid® Reports for AI Agents and Contact Center. With seven consecutive years on the Forbes Cloud 100 and multiple AI Breakthrough awards, there has never been a more exciting time to join us as we shape the future of customer experience automation!
Work Environment and Physical Requirements:
Primarily office-environment work, with extended periods of sitting or standing and computer-based work. Limited lifting; equipment usage is limited to computer-related equipment (keyboards, mouse, etc.).
The Talkdesk story hinges on empathy and acceptance. It is the shared goal among all Talkdeskers to empower a new kind of customer hero through our innovative software solution, and we firmly believe that the best path to success for our mission is inclusivity, diversity, and genuine acceptance. To that end, we will hire, promote, work along, cheer for, bond with, and warmly welcome into the Talkdesk family all persons without regard to ethnic and racial identity, indigenous heritage, national origin, religion, gender, gender identity, gender expression, sexual orientation, age, disability, marital status, veteran status, genetic information, or any other legally protected status.



