The Product Security team is responsible for the product security efforts for Salesforce products. Were looking for dedicated security engineers, who are subject matter experts in multiple security domains and are able to act as technical lead for strategic product security efforts, and are able to influence security direction of existing and new products.
Lightning Platform Skills group is responsible for product security needs of several Products/Business Units including Core Salesforce UI, Sales Cloud, Service Cloud, Customer 360, Blockchain Platform, and more. We make ourselves available at every stage in the software development lifecycle, facilitating secure design choices without sacrificing the usability of our products.
Youll own product security effort for several engineering teams within one or more business units. At this time we are looking for individuals with strong focus on Sales Cloud and Salesforce Core UI business units. You will work closely with our engineering teams to scope and execute application security reviews throughout the development cycle, including architecture reviews and threat models, secure code reviews, and platform and application penetration testing. Youll be expected to be an SME and lead strategic product security initiatives for all the products supported by the team, learn about multiple products, work with engineering architects, and product organization to build secure products.
Influences and/or defines product security strategy for multiple business units and products.
Partners closely with engineering, and product organization to drive strategic security initiatives.
Act as a Subject Matter Expert for multiple security domains, and mentor junior team members to drive the strategic initiatives for you.
Scope and perform application security reviews of our full stack: web applications, APIs, and platform architectures.
Provide our engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.
Produce research and collaborate with our peers in the broader infosec and public cloud communities and industries.
Constantly question existing security practices and routines, and update, replace, or automate them.
Write and promote secure development practices for our engineers.
Self-driven, passionate, and independent.
Strong influencer with a proven ability to build deep relationships and getting this done without authority.
Hands-on experience in driving the security efforts for multiple complex and large scale, cross-functional projects.
Be able to act as a multiplier via junior team members to accomplish more than the sum total of individual efforts.
Deep experience with performing threat modeling and architecture reviews.
Capability to look at the big picture/architecture and propose strategic security solutions.
Experience with black box, grey box, and white box security testing of applications, including manual secure code review.
Experience with public cloud infrastructure security protections and weaknesses
Strong working knowledge of web application development and architecture, HTTP, and TLS.
Scripting skills (our primary languages are Ruby, Python, Go, and Elixir, but well happily speak to candidates with other language backgrounds.)
Strong grasp of practical cryptography usage, able to recommend the best approach for storage, transport and identity purposes, specifically in the realm of public cloud.
Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
Enthusiastic and quick learning of complex systems and poorly-documented open source software.
Comfortable working with continuous integration/delivery and agile development teams.
Strong candidates will have worked with some of these and/or similar technologies:
Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.
Security features in container and container orchestration technologies (LXC, Docker, Kubernetes, gvisor).
Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets.
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbess Worlds Most Innovative Company six years in a row and one of Fortunes 100 Best Companies to Work For nine years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
It's easy, and free! Add jobs from any website! Get recommendations from your friends! Start by adding this job...