Senior Security Engineer

Hej, Truecaller is calling you from Stockholm, Sweden! Ready to pick up?

Our goal is to make communication smarter, safer, and more efficient, all while building trust everywhere. We're all about bringing you smart services with a big social impact, keeping you safe from fraud, harassment, scam calls, or messages, so you can focus on the conversations that matter.

• Top 20 most downloaded apps globally, and world’s #1 caller ID and spam-blocking service for Android and iOS, with extensive AI capabilities, with more than 400 million active users per month. 
• Founded in 2009 with an impressive year-on-year growth with high profitability.
• Listed on Nasdaq OMX Stockholm and is categorized as a Large Cap. Our focus on innovation, operational excellence, sustainable growth, and collaboration has resulted in consistently high profitability and strong EBITDA margins.
• A team of 400 people from ~35 different nationalities spread across our headquarters in Stockholm and offices in Bangalore, Mumbai, Gurgaon, and Tel Aviv with high ambitions. 

We, at the Security team, play a critical part in Truecaller’s continuous success and mission to build trust everywhere as we handle the overall security in every domain of Truecaller. Our vision is to contribute to the development of a state-of-the-art product for our users and push the boundaries of security.

As a Senior Cloud Security Engineer at Truecaller, your role is pivotal. You are not just versed in security protocols but possess a blend of infrastructure knowledge, a keen interest in DevSecOps, and a passion for safeguarding cloud architectures. You understand the intricacies of Cloud Security, preferably in Google Cloud Platform (GCP), and are suited to support us in integrating security seamlessly into the Truecallers infrastructure. While experience matters, it’s your drive, curiosity, and commitment to excellence that will set you apart in this role.

The impact you will create:  

• Shape and Align Security Strategies: Ensure security isn’t just a policy but a key enabler of our services by aligning security strategies with business objectives.
• Design and Implement Security Architectures: Lead the design and implementation of advanced security architectures and solutions in our GCP environment.
• Integrate Security into Development: Collaborate with DevOps and engineering teams to integrate security controls into CI/CD pipelines and development workflows (DevSecOps).
• Vulnerability Management: Focus on cloud infrastructure and applications, taking on vulnerability management endeavors.
• Advocate for Zero Trust: Drive the implementation of a zero-trust approach across our digital environments.
• Provide Expert Advice: Offer expert advice on security matters to leadership and project teams.
• Manage Security Tools: Evaluate, implement, and manage security tools that complement our defensive strategy.
• Stay Ahead of Threats: Stay ahead of emerging security threats and trends, proactively recommending and implementing security enhancements.

What you bring in:  

• Education and Experience: Bachelor’s degree in Computer Science, Information Security, or a related field, with several years of experience in a senior engineering role focused on security.
• Cloud Security Expertise: Proven expertise in cloud security, preferably in Google Cloud Platform (GCP).
• DevSecOps Knowledge: Comprehensive knowledge of DevSecOps and its practical application in CI/CD pipelines.
• Scripting and Automation: Strong scripting and automation skills in languages such as Python, Bash, Scala, and Go.
• Leadership and Mentorship: Experience in leading security initiatives and mentoring team members.
• Problem-Solving and Strategy: Excellent problem-solving skills, combined with the ability to think strategically and act tactically.
• Communication: Exceptional communication skills, with the capacity to influence and guide decision-making at all organizational levels.
• Infrastructure as Code (IaC) Security: Proficiency in securing Infrastructure as Code (IaC) through practices like threat modeling, establishing privileges, and employing security tools at various stages of the DevOps lifecycle.
• Proven expertise in securing container and Kubernetes deployments in modern hyper-scale throughout the entire development lifecycle. If you are a fan of SLSA, immutable infrastructure, and zero-touch production, help us implement it at scale.

It would be great if you also have:

• Advanced Certifications: Credentials like CISSP, GCP Professional Cloud Security Engineer, or CEH can be advantageous.
• Open-Source Contributions: Experience with contributing to open-source security tools or projects showcases initiative and expertise.
• Zero Trust Network Architecture: Understanding and experience in implementing Zero Trust concepts beyond theoretical knowledge.
• Container Security: Experience in securing Docker, Kubernetes, or other container orchestration platforms.
• Threat Modeling: Experience developing threat models for complex software and infrastructure architectures.
• Digital Forensics: Skills in identifying and investigating digital traces after a security incident.

Life at Truecaller - Behind the code:  https://www.instagram.com/lifeattruecaller/

Sounds like your dream job?

We will fill the position as soon as we find the right candidate, so please send your application as soon as possible. As part of the recruitment process, we will conduct a background check.

This position is based in Stockholm, Sweden. 

We only accept applications in English. 

What we offer: 

• A smart, talented, and agile team: An international team where ~35 nationalities are working together in several locations and time zones with a learning, sharing, and fun environment.
• A great compensation package: Competitive salary, 30 days of paid vacation, flexible working hours, private health insurance, parental leave top-up, pension contribution, Udemy membership to keep learning and improving, and free gym membership.
• Great tech tools: Pick the computer and phone you most fancy within our budget ranges.
• Office life: We strongly believe in in-person collaboration and follow an office-first approach while offering some flexibility. Enjoy your days with great colleagues with loads of good stuff to learn from, and a wide range of yummy snacks and beverages. In addition, every now and then check out the playroom for a fun break or join our exciting parties and or team activities such as Lab days, Running team, movie nights in our cinema, or a Geek lunch. There’s something for everyone!

Come as you are:
Truecaller is diverse, equal, and inclusive. We need a variety of backgrounds, perspectives, beliefs, and experiences to keep building our great products. No matter where you are based, which language you speak, your accent, race, religion, color, nationality, gender, sexual orientation, age, marital status, etc. All those things make you who you are, and that’s why we would love to meet you.