Senior Security Assurance Engineer
Salesforce
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
ProductJob Details
About Salesforce
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
Security Assurance works to ensure no significant security risk escapes into customer-facing products, the supporting platform, or our enterprise technology stack by providing continual security assurance throughout the lifecycle.
Security Assurance functions include: conducting design and implementation assessments, performing application security reviews, writing security recommendations, testing, researching security issues, building security tools, and other security related engagements.
We secure a broad range of technologies on-premise and in public cloud substrates, including sophisticated web applications, distributed processing systems, virtualized environments, etc.
We are looking for the best security engineers in the world.
Do you want to help secure the experience of millions of people every day? If the answer is yes then Salesforce is looking for people like you!
Roles & Responsibilities:
Partner with engineering teams; performing threat modeling, architecture risk analysis, identifying security vulnerabilities, and driving work items and bugs from these activities to resolution
Ability to secure large, sophisticated enterprise architectures or systems deployed in public cloud
Brainstorm with counterparts in the engineering teams to drive security improvements upstream
Identify the trade-offs of different solutions and recommend designs to achieve both functional goals and security requirements
Perform testing, infrastructure/vulnerability assessments, and remediation activities
Work with engineering teams throughout the SDLC to ensure their efforts are secure
Perform design and code reviews of our flagship services and product offerings
Develop new automation and tooling to improve our analysis, detection, and prevention capabilities
Perform innovative applied research on new attacks and present new findings to both internal and external audiences
Develop secure code practices and provide hands-on training to engineering and operations.
Required Qualifications:
An attacker's mindset
Demonstrated ability in a security engineering or security research role
Infrastructure and Application Security experience
Securing products and infrastructure from the OWASP Top 10 and CWE Top 25
Exploiting web and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.
Public Cloud: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.
Experience in software development in one or more languages: Java, Perl, Python, Ruby, etc.
Degree-level education, certification(s), and/or meaningful work experience
#LI-Y
Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.