Overview

Trust is the #1 company value at Salesforce. Our Product Security team ensures the security of our products and serves as subject matter experts for our R&D teams and AppExchange partners to protect our customers’ data in today’s rapidly evolving threat landscape. We are a team of curious minds that specialize in security research, penetration testing, and innovative tool development. We evaluate a broad range of technologies including complex web applications, distributed processing, virtualized environments and isolation of untrusted code.

 

With the full backing of our executive leadership, you’ll work closely with the technology organization and partners to evaluate the design and implementation of our product offerings, help create innovative security solutions for our products, and educate our teams on secure application development and emerging threats. In addition, you will create new tools, conduct industry-leading research, and solve challenging technical problems on the forefront of application security. Perhaps most importantly, you will contribute to a high-impact SDL revamp and change the way Engineering teams approach security.

 

Responsibilities:

– Assist with the development and testing of our threat modeling tool, which is central to our SDL’s success.

– Perform threat modeling and security architecture reviews across a wide range of products in our portfolio. Some of our products include Salesforce AppExchange apps, native clients, mobile apps, web apps and web services.

– Serve as a subject-matter expert and generate technical content for the documentation of security guidelines for all security functions supporting Salesforce Engineering, which are central to the SDL program’s success.

– Perform black-box penetration testing and code reviews of our flagship services, product offerings and partners’ apps.

– Guide the technology organization’s security and privacy initiatives by participating in design reviews and threat modeling.

– Participate in our incident response and vulnerability remediation efforts.

– Perform cutting-edge applied research on new attacks and present new findings to both internal and external audiences.

– Evaluate application security tools for internal consumption. Develop new automation and tooling to improve our detection and prevention capabilities.

 

Minimum Qualifications:

– B.S. / M.S. in Computer Science, Electrical Engineering or related experience.

– 5+ years work experience in an application security role.

– 5+ years work experience with threat modeling, security design reviews and security architecture.

– Knowledge of several different threat modeling methodologies and tools.

– 3+ years working experience in software development.

– Experience building out a successful Secure Development Lifecycle (SDL) program.

– Demonstrated ability to write clear and comprehensive technical security content.

– In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.

– Relevant experience in several of these languages: Java, JavaScript / NodeJS, Ruby, .NET, C / Objective C, PHP, Python.

– Solid knowledge of the browser security model, crypto, and network security.

– Attacker mindset: Passion for breaking all the things unbreakable.

Bonus Points:

– Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.

– Familiarity with security tools such as static analysis, runtime analysis.

– Experience in Linux OS or AWS security role.

– In-depth experience identifying and mitigating security vulnerabilities in applications and operating systems.

 

 

Salesforce, the Customer Success Platform and world’s #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for “family”) made up of our employees, customers, partners and communities, we are working to improve the state of the world.