Staff Security Engineer

Job Description

Join us at Zendesk where were on a mission to power exceptional service for every person on the planet. Were accelerating that ambition by building products rooted in AI automation and intelligent customer experiences because behind every interaction lies an opportunity to make a human connection.

Were seeking a Staff Security Engineer (P8) to join our Threat Prevention Engineering (TPE) team part of Zendesks Cyber Defense Fusion Center (CDFC). In this role youll own and drive large-scale security engineering initiatives that blend modern detection automation and AI-assisted workflows to reduce risk and improve our ability to detect investigate and respond to threats across Zendesks cloud and platform environments.

Problems youll solve

• AI Capability Gap: AI is already woven into how our team works. This role brings the focused technical leadership needed to push that further owning the roadmap driving intentional adoption and turning emerging AI patterns into mature production-grade security capabilities.

• Engineering Capacity & Delivery Velocity: Theres more high-priority work than the team can currently absorb. Youll close that gap directly through delivery and indirectly by multiplying what the people around you can accomplish.

• Organizational Integration & Control Coverage: A newly absorbed team has created real gaps in control coverage and tooling alignment. Youll own the engineering work that closes them in a structured risk-prioritized way.

• Legacy Technical Debt: Several critical systems are overdue for modernization. Youll lead phased migrations to cloud-native architectures without disrupting whats already running.

Scale of systems youll own

• Enterprise-scale security data pipelines ingesting and processing telemetry across a large multi-cloud environment

• Kubernetes-native AWS-hosted containerized security services spanning EKS Lambda and supporting infrastructure

• A cross-platform tooling ecosystem covering detection response cloud security and threat intelligence that the entire security organization depends on

• A centralized agentic automation platform that security engineers and analysts rely on daily to move faster and work smarter

• A team-wide AI strategy and roadmap that shapes how every engineer on the team applies AI to security problems

• An organizational control framework enforcing technical standards and integrations across multiple business units
  

What youll be doing

• Youll own the teams AI strategic roadmap from evaluating emerging frameworks and running proof-of-concepts through shipping agentic and AI-powered capabilities into production

• Youll architect and operate the cloud-native security data infrastructure the team depends on including detection pipelines log management telemetry collection and data rehydration at enterprise scale

• Complex multi-phase security engineering initiatives will be yours to lead. That means design stakeholder alignment phased migrations and seeing things through to production without disrupting whats already running

• Youll build automation-first security workflows including AI-assisted triage and agentic automations that reduce manual effort and make the team faster

• Youll work closely with engineering platform cloud and newly integrated teams to align controls tooling and workflows across the organization

• Youll set technical direction and raise the bar for the team mentoring peers in modern security engineering practices and AI tooling adoption

• Youll define and track the metrics that actually reflect security outcomes and use that data to drive continuous improvement

What you bring to the role

• You have 8 years in security or software engineering and have genuinely operated at Staff or Senior scope owning hard multi-phase projects from whiteboard to production with real outcomes to show for it

• You write production-grade Go and/or Python and have built security tooling that people actually rely on not just proof-of-concepts

• Youre comfortable designing and running containerized workloads on Kubernetes/EKS and building on cloud-native AWS services

• Security fundamentals are second nature: threat modeling controls architecture identity and access patterns and layered defense arent things you look up

• Youve built and maintained security data pipelines and log infrastructure at scale and understand the operational realities that come with it

• You default to automation and code over manual processes. APIs IaC and programmatic integrations are how you think about solving problems

• Youve moved beyond AI curiosity. Youve shipped AI and agentic workflows in real environments and know what governance and validation actually look like in practice

• People follow your technical lead without you needing a title to back it up. You communicate clearly mentor naturally and make the teams around you better

Preferred Qualifications

• Familiarity with MCP (Model Context Protocol) or experience building agentic AI integrations.

• Familiarity with common enterprise security platforms across multiple domains including endpoint detection and response (EDR) SIEM SOAR cloud security posture management threat intelligence and data analytics.

• Background in detection engineering (detection logic design alert tuning false-positive reduction) and SOC collaboration.

• Experience designing and operating security data lakes log rehydration strategies and large-scale telemetry infrastructure.

• Relevant certifications (CISSP OSCP AWS Security Specialty) or experience at a enterprise-scale SaaS company.

AI literacy (core expectation)

• AI competency is required. Candidates must be comfortable evaluating and integrating AI/LLM tooling into security workflows building agentic and automated solutions and establishing validation governance and privacy safeguards. You should be able to demonstrate practical production-oriented uses of AI that improved security outcomes or delivery velocity.

Where and how youll work

• Youll be part of the Threat Prevention Engineering team a tight-knit & high impact group of six embedded within Zendesks broader 40-person Cyber Defense Fusion Center. This is a hybrid role based in Krakow with two days per week in the office.

Leveling alignment

• This role maps to P8 (Staff Security Engineer) in Zendesks Job Family Architecture Library: a senior individual contributor responsible for setting technical direction delivering enterprise-impacting solutions mentoring others and influencing cross-team strategy.

Hybrid: In this role our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection collaboration learning and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.

The intelligent heart of customer experience

Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.

Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working enables us to purposefully come together in person at one of our many Zendesk offices around the world to connect collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.

As part of our commitment to fairness and transparency we inform all applicants that artificial intelligence (AI) or automated decision systems may be used to screen or evaluate applications for this position in accordance with Company guidelines and applicable law.

Zendesk is an equal opportunity employer and were proud of our ongoing efforts to foster global diversity equity & inclusion in the workplace. Individuals seeking employment and employees at Zendesk are considered without regard to race color religion national origin age sex gender gender identity gender expression sexual orientation marital status medical condition ancestry disability military or veteran status or any other characteristic protected by applicable law. We are an AA/EEO/Veterans/Disabled employer. If you are based in the United States and would like more information about your EEO rights under the law please click here.

Zendesk endeavors to make reasonable accommodations for applicants with disabilities and disabled veterans pursuant to applicable federal and state law. If you are an individual with a disability and require a reasonable accommodation to submit this application complete any pre-employment testing or otherwise participate in the employee selection process please send an e-mail to with your specific accommodation request.