Lead M&A Product Security Engineer

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Trust and security are Salesforce's number one value as a company. We have built a mergers & acquisitions security integration team that is responsible for ensuring the security uplift of all Salesforce acquisitions. The Security Engineer will work with acquisitions to threat model their environment, identify risks, track mitigations, and transition the acquisition to other security teams for long term ownership.

We are looking for an individual contributor that wants to bring to bear their existing penetration testing, development, operations and infrastructure skills in an elite security environment. Work with acquisition engineering teams to ensure product and infrastructure are secure. The work involved will be focused mostly on product/infrastructure assessment, intrusion testing, code review, threat modeling, assisting acquisition engineering teams integrating to Salesforce standards, assisting acquisition engineering teams remediating issues uncovered during testing.

Salesforce makes multiple acquisitions per year, and each acquisition represents the unknown, ensuring engaging and exciting work that will challenge you technically and provide great opportunities to grow your professional skills.

SKILLS:

• Application/product security assurance work with SWE teams

• Experience threat modeling SaaS product and infrastructure

• Strong IaaS security skills, with a focus on AWS

• Strong scripting/development skills (Python, Go, Ruby, Java, Node, etc)

• Knowledge of secure software development lifecycle

• Experience with static and dynamic code analysis tools

• Experience performing code and infrastructure design reviews

• Experience fuzzing applications and protocols

• Assembly/exploit development experience

• Experience in infrastructure vulnerability assessments and remediation

• Bug bounty awards or CVEs

• Contributions to the community (open source, presentations, volunteering, etc)

• Knowledge of CI/CD standard methodologies

• Experience architecting, building and maintaining security controls

• Experience building, deploying, maintaining security controls

• Linux systems engineering/operations

• Understanding of Microsoft Windows Server/AD deployment

• A related technical degree required

For Colorado-based roles: Minimum annual salary of $104,600. You may also be offered a bonus, restricted stock units, and benefits. More details about our company benefits can be found at the following link: ~~~/

LI-Y

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form (~~~) .

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce, Inc (~~~/) . and ~~~ are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce, Inc (~~~/) . and ~~~ do not accept unsolicited headhunter and agency resumes. Salesforce, Inc (~~~/) . and ~~~ will not pay any third-party agency or company that does not have a signed agreement with Salesforce, Inc (~~~/) . or ~~~ .

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.