Senior Cloud Security Engineer

Truecaller's mission is to build trust in communication by making it safer, smarter, and more efficient. Born in Sweden, trusted by the world, and here’s why we stand out:

• We are trusted by over 450 million active users every month across 190+ countries
• We identify over 15 billion calls daily, helping users avoid spam and scams
• We are powered by a team of 450+ employees from 45+ nationalities

We always look for people who take initiative, own their work, and keep raising the bar. An entrepreneurial mindset matters here, especially when it turns bold ideas into real actions. We stay collaborative and focused, always searching for smarter paths forward. If you want to make an impact and grow with a team that inspires millions, you’ll fit right in.

We, at the Security team, play a critical part in Truecaller’s continuous success and mission to build trust everywhere as we handle the overall security in every domain of Truecaller. Our vision is to contribute to the development of a state-of-the-art product for our users and push the boundaries of security.

As a Senior Cloud Security Engineer, you will act as a technical leader in safeguarding our core cloud infrastructure. You will take ownership of maintaining the highest standards of security controls for our critical systems within Google Cloud Platform (GCP). We're looking for someone who thrives in complex environments, can solve infrastructure security problems where no established patterns exist, and isn't afraid to get their hands dirty. You won't just advise; you will actively build, configure, and fix security controls. You'll leverage your expert understanding of cloud services, infrastructure-as-code, and container security to architect robust security measures and drive systemic improvements across the organization.

• →Architect and Lead GCP Security: Take end-to-end ownership of designing and implementing security architectures for our GCP infrastructure. You will look beyond immediate fixes to architect long-term, scalable solutions for networking, compute, storage, and GKE.
• →Hands-on Remediation & Engineering: You don't just identify risks; you fix them. You will actively write code, create Pull Requests, and apply configurations to resolve security issues, harden infrastructure, and deploy tooling (e.g., EDR, Identity proxies) in production environments.
• →Drive Systemic Risk Reduction: Identify repeating classes of vulnerabilities or systemic risks (e.g., data exfiltration paths) and drive organizational change to eliminate them, rather than just patching individual issues.
• →Manage GCP Security Posture: Utilize GCP-native tools (e.g., Security Command Center, Cloud Armor, VPC Service Controls, IAM) to continuously monitor, assess, and improve the security posture of our cloud environment.
• →Advanced Network & Container Security: Design complex network security controls and Kubernetes (GKE) hardening strategies, balancing strict security requirements with operational velocity.
• →Mentorship and Technical Sparring: Act as a technical mentor and sparring partner to other engineers. You will elevate engineering standards by guiding colleagues on advanced security concepts and architecture.
• →Automate Security Operations: Develop advanced automation (using Python, Go, No/Low Code) to eliminate toil, turning manual security reviews into automated policy-as-code checks and high-fidelity alerts.

• Technical Experience: Several years of hands-on experience in a senior security engineering role. You have a track record of leading technical designs and influencing decisions across multiple squads.
• Security Passion & Threat Awareness: You are passionate about security and stay constantly updated on the evolving threat landscape, emerging vulnerabilities, and attack vectors, translating this knowledge into proactive defense strategies.
• Navigating Ambiguity: You excel at breaking down complex, multi-faceted technical problems into actionable components. You are comfortable defining security standards for experimental technologies where internal patterns may not yet exist.
• Project Ownership & Grit: Demonstrated ability to drive mid-to-large scale projects from idea to implementation independently, including successful stakeholder alignment and management of external dependencies.
• Operational "Doer" Mindset: You are a practitioner who enjoys the craft of engineering. You have recent, deep experience directly configuring infrastructure, writing production-grade code, and debugging complex systems. Once an issue has been identified you have the experience applying the fix either yourself or through collaboration with stakeholders.
• Business-Aligned Risk Assessment: Experience weighing risk vs. speed, and making technical decisions that balance short-term delivery with long-term maintainability and business value.
• Deep GCP Expertise: Expert-level knowledge of securing cloud infrastructure, with the ability to architect tool-agnostic solutions and evaluate trade-offs in GCP services (GCE, GKE, VPC, IAM, SCC).
• Communication: Strong ability to communicate technical security concepts to non-technical stakeholders, clearly articulating business impact (e.g., financial loss, brand reputation) to secure buy-in.