To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Product
Job Details
About Salesforce
We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.
Want more jobs like this?
Get jobs delivered to your inbox every week.
Product Security Advisors
About The Role
Join our Foundations Product Security Advisory team as a Lead Product Security Engineer, where you'll play a pivotal role in fortifying the bedrock of Salesforce's entire product ecosystem. In this highly impactful position, you'll demonstrate your deep technical expertise to provide strategic security guidance and leadership to engineering teams responsible for our foundational services, including core technical security controls, public cloud platforms, and build infrastructure.
As a trusted security advisor, you'll serve as the primary point of contact for our engineering partners and leadership, cultivating strong relationships and delivering critical security recommendations. Your contributions will directly shape and enhance the security posture of our core platforms, ensuring the resilience and integrity of Salesforce's offerings.
Our team specializes in providing deep architectural and infrastructure security expertise across a diverse range of technologies, both on-premises and within public cloud environments. This includes securing web applications, distributed systems, and virtualized infrastructures. You'll champion secure software development lifecycle (SSDL) standard methodologies, empowering engineering teams to build secure products from the ground up.
Responsibilities and Impact
- Provide guide Security Advisory for Large-Scale Cloud Initiatives:
- Offer strategic security guidance to engineering teams on complex enterprise architectures and systems across the application and infrastructure stack within large-scale public cloud initiatives.
- Drive Proactive Security Through Architecture and Threat Modeling:
- Partner closely with engineering teams to conduct thorough architecture and threat modeling risk analyses, proactively identifying security vulnerabilities and developing comprehensive risk mitigation plans throughout the SDLC.
- Influence Secure Design and Implementation:
- Collaborate with product teams to influence upstream security improvements, balancing functional goals with security requirements by recommending optimal design solutions.
- Align Security Priorities with Business Risk:
- Work with Product BISOs to curate and prioritize risk-based security initiatives, driving security maturity across all products.
- Conduct Continuous Threat and Technology Research:
- Research emerging threats, vulnerabilities, and new technologies, performing business impact analyses to inform security strategies.
- Analyze Risk Signals for Actionable Insights:
- Analyze diverse risk discovery data sources to derive crucial insights, shaping security activities and roadmaps for Salesforce products.
- Support Risk Prioritization Across Security Programs:
- Leverage deep security expertise and product knowledge to support risk prioritization activities across various security programs.
Minimum qualifications
- Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required
- 5+ years validated experience in the following areas in a security engineering or research role:
- Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.
- Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25
- Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.
- Threat modeling of security topics across both infrastructure security & application security domains
- Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript
- Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements
- Strong writing and presentation skills. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.
Preferred Qualifications
- An attacker's approach; consider abuse and attack paths as well as the defensive mentality to recommendations to prevent them
- A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand.
- Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns
- Experience handling or participating in an information security program and improving or proposing improvements to a secure development lifecycle
- Some experience performing penetration testing or familiarity with the process
Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
For Washington-based roles, the base salary hiring range for this position is $184,000 to $253,000.
For California-based roles, the base salary hiring range for this position is $200,800 to $276,100.
Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.