Product Security Principal

Salesforce

3.8

(114)

Multiple Locations

Why you should apply for a job to Salesforce:

  • 63% say women are treated fairly and equally to men
  • 70% would recommend this company to other women
  • 81% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Time off and leaves
  • Perks, such as discounts, commuter benefits & educational reimbursement
  • Mental health, parenting and childcare resources
  • #JR255186

    Position summary

    curity risk at scale in Salesforce products and infrastructure while also enabling developers enhance deployment times by providing building blocks and a secure foundation that integrate security by default. This is accomplished through centralized security requirements, architectural patterns, secure-by-default infrastructure and application building blocks, pipeline-embedded and runtime guardrails, and robust detection mechanisms to identify security risks.

    While the REDSCAR team focuses on both application security and infrastructure, this position will play a key role specifically in the application security domain. If you are passionate about the field of application security and have a proven track record of successfully solving complex application security challenges in your previous roles, then we are looking for you.

    Responsibilities

    As a principal security engineer for Application Security, you will play a crucial role in ensuring the security and integrity of our software products. You will lead efforts to strengthen our application security posture, reduce application security vulnerabilities at scale, contribute to development of high confidence SAST rules and defensive libraries. In addition, part of the responsibilities will involve actively contributing to the process of bringing our security products to General Availability, ensuring their readiness and effectiveness in meeting security requirements and business needs. This role will also require collaborative engagement with cross-functional teams, as you play a pivotal role in seamlessly integrating security measures into the development process. Your contribution will be instrumental in strategically shifting security practices to an earlier stage, ensuring that security becomes an inherent part of our development culture.

    Minimum Qualifications:

    • Bachelor's Degree or equivalent work experience required, preferred Master in engineering, computer science, or a related technical field
    • 10+ years experience in security field (Pen-Tester, Blue Team, Threat Modeling, Security Researcher, etc)
    • Strong understanding of application security controls and their implementation at scale (e.g. SAST, DAST, template scanning, security libraries, 3rd part libraries)
    • Ability to see the big picture and build out concise, comprehensive, yet realistic project plans to solve complex problems
    • Ability to write scripts and automating tasks that require processing a number of files, preferably in Python or Shell
    • Ability to work cross-functionally, context switch, learn fast, and communicate well
    • Proficiency in data analysis to inform data-driven decision-making including decisions on false positives, false negatives, and true positives

    Required Qualifications:

    • Understanding of OWASP Top 10 and secure coding guidelines
    • Ability to identify and mitigate security vulnerabilities and threats. Experience developing mitigations to OWASP Top 10 Security vulnerabilities and/or WASC-25 Security Vulnerabilities
    • Proficiency in at least one core (Java, C#, Python, Go, etc.) and one scripting (Shell, Python, etc) language.
    • Comfortable learning various code review pattern across different languages. Language proficiency is not a must, but understanding language agnostic syntax quickly and finding vulnerable patterns is necessary
    • Ability to translate from compliance and security requirements through product requirements and implement them in automation
    • Knowledge of integrating security into DevOps practices, enabling the shift of security left in the development lifecycle
    • Effective communication and collaboration skills to work seamlessly with cross-functional teams
    • Ability to manage your own projects

    Preferred Qualifications:

    • Passionate for improving security, systems, and processes
    • Experience in leveraging prompt engineering methodologies to enhance application security
    • Development experience in AWS (experience with Azure, Alibaba, GCP is a plus)
    • CISSP certification or other security certifications related to Application Security (e.g. OSWE, GWAPT, CSSLP, CEH)

    *LI-Y

    Accommodations

    If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

    Posting Statement

    At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at https://www.equality.com and explore our company benefits at https://www.salesforcebenefits.com.

    Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

    Salesforce welcomes all.

    Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

    For Washington-based roles, the base salary hiring range for this position is $204,400 to $296,400.

    For California-based roles, the base salary hiring range for this position is $223,000 to $323,400.

    Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://https://www.salesforcebenefits.com.

    Why you should apply for a job to Salesforce:

  • 63% say women are treated fairly and equally to men
  • 70% would recommend this company to other women
  • 81% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Time off and leaves
  • Perks, such as discounts, commuter benefits & educational reimbursement
  • Mental health, parenting and childcare resources