Senior Security Engineer (Remote)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Salesforce Penetration Testing team proactively improves the overall security resilience of Salesforce’s most critical areas, using a suite of capabilities that mimic real-world malicious actors. We achieve this by applying offensive security tactics that use custom-made tools and manual penetration tests against applications/infrastructure and services that handle customer PII. We work with teams throughout Salesforce including our acquisitions to provide security services and drive new security initiatives. Our credible security professionals are key to our success.

Responsibilities:

• Conduct security architecture review of the full stack including applications built on cloud and new technologies. Document clear and detailed risk assessment and remediation steps for developers and business owners.

• Perform manual penetration testing and source code review for a variety of technologies to identify complex vulnerabilities.

• Provide security guidance and recommendations to engineering and operational teams.

• Develop security tools for the detection and prevention of security threats.

• Collaborate with other security teams to provide insights & security knowledge share.

• Security research on the latest methodologies, trends, threats and vulnerabilities, and technology frameworks.

Highly sought after:

• Perform negotiated and pre-approved bug hunting activities on SFDC networks/products/acquisitions.

As well as working with core Salesforce teams, you may also be working with teams from our acquisitions. Our latest acquisitions include:

• Slack

• Tableau

• Heroku

• Mulesoft

• Quip

Basic Qualifications:

• Solid professional experience in infrastructure and web-based vulnerability assessments and remediation.

• Strong experience with dynamic and static code analysis to identify security bugs and vulnerabilities.

• Proven C# or Java code review experience

• Experience with Kubernetes and/or Docker.

• Strong scripting and development skills (ex: Python, Go, JavaScript, Java, etc.).

• Strong verbal and written communication skills.

• Passion for discovering and researching new vulnerabilities and exploitation techniques.

Preferred Qualifications:

• Strong IaaS security skills, with a focus on AWS, Azure, and/or GCP.

• Experience fuzzing applications and protocols.

• Knowledge of secure software development lifecycle (SDLC).

• Track record of bug bounty awards and/or Common Vulnerabilities Exposures/Public Security Articles.

• Experience performing code and infrastructure design reviews.

• Familiarity with building, deploying, and maintaining security controls.

• Proficiency in Linux and Windows systems engineering/operations.

• Understanding of Microsoft Windows Server/AD deployments.

• Experience manually testing web applications or enterprise penetration testing

#LI-Y

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Salesforce welcomes all.