Information Security Administrator - Csirt jobs at Salesforce

Job Category

Job Details

• Develop and execute audit strategies to ensure compliance with global standards and regulatory requirements.

• Lead and execute the internal controls testing program focused on Salesforce environments, ensuring alignment with SOX, ISO 27001, SOC 1/2, and other regulatory frameworks.

• Partner directly with Salesforce compliance engineering and platform teams to understand technical processes and design effective control testing strategies across multiple domains.

• Collaborate with cross-functional partners to operationalize audit recommendations and enhance compliance posture.

• Develop and maintain robust playbooks and control documentation for critical Salesforce processes that serve as the foundation for assessments and audits.

• Identify opportunities to streamline and automate testing procedures, driving operational efficiency and continuous improvement.

• Provide timely and actionable reporting to leadership, highlighting testing results, emerging risks, control gaps, and trends across the Salesforce ecosystem.
  

• 6+ years of experience in IT audit or internal controls, managing global compliance assessments in a complex environment with a strong focus on cloud/SaaS platforms.

• Prior experience in a compliance and regulatory environment related to security and privacy including security compliance standards across industries and geographies such as ISO 27001, SOC, HIPAA, PCI, HITRUST, and FedRAMP, etc.

• Strong program and stakeholder management experience, including cross-functional leadership in a highly collaborative environment.

• Experience with compliance tooling, control testing automation, or audit workflow platforms and processes

• Technical knowledge and understanding of different hyperscaler environments such as AWS.
  

Required Qualifications

• Strong Analytical and problem solving skills with the ability to assess risks and recommend solutions.

• Detail oriented with strong organizational and documentation skills.

• Ability to solve unique, complex and often ambiguous problems with broad impact on the business

• Conceptual and innovative thinking to develop and implement solutions

• Ability to work independently and collaboratively in a fast paced regulatory environment.

• Identify risk in processes and environments, and strategies to mitigate the risk.

Preferred Qualifications:

• Certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK) are a plus

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

• Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” seven years in a row and #1 on the FORTUNE ‘100 Best Companies to Work For®’ List. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world.

  Department and Role Description:
  Department Description:
  Computable Insights LLC, referred to as “Salesforce National Security”(SNS), is a wholly-owned subsidiary of Salesforce. SNS is Salesforce’s contracting entity dedicated to the US Intelligence Community and US National Security market, and in this capacity is a major component of Salesforce’s Global Public Sector. Salesforce Global Public Sector has dedicated teams supporting Federal Civilian Agencies, State & Local Agencies, the Department of Defense, and Government Contractors in addition to SNS.As an SNS Account Executive, you would be a key member of a team responsible for generating new business with specified US Intelligence Community customers.

  Your Impact:
  You will collaborate with your teammates and work closely with your customers as a trusted advisor to deeply understand their unique challenges and goals. You will consult with customers on the value of them using Salesforce Platform and evangelize solutions that will help them reach their goals and blaze new trails within their organizations. You will contribute to our business growth in a fast paced, collaborative and fun atmosphere, as a valued member of our Ohana focused on the National Security market.

  Roles & Top Qualifications:
  Strategic Account Executives must have 10+ years of quota carrying software or technology sales, account management and Enterprise-level sales experience and must have a proven track record with supporting the US Intelligence Community. A bachelor's degree is required and an advanced degree is strongly preferred. Qualification for this job is contingent upon acceptable results from a background investigation and maintaining the specific level U.S. government background investigation required for this role. All offers of employment are contingent upon Government approval of your TS/SCI with polygraph security clearance.

  We are looking for the following attributes:

  
  Consultative selling experience
  Prospecting Skills
  Strong Communication Skills
  Strong Business Acumen
  Has a competitive spirit
  Ability to collaborate
  Resourceful
  Coachable
  Drive for results
  Ability to work in fast-paced, team environment
  Strong Executive Presence
  Experience articulating ROI
  Solution Selling Ability
  Strong Discovery Skills
  Objection Handling Skills
  Planning and Closing Skills

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

Preferred Locations:

• Herndon, VA

Minimum Qualifications:

• United States Citizenship required

• Qualification for this job is contingent upon acceptable results from a US Federal background investigation, and obtaining and maintaining the specific level U.S. government security clearance required for this role.

• B.S. Computer Science, Software Engineering, MIS or equivalent work experience

• 7 or more years experience as a solution/sales engineer for a Middleware company or similar technology

• Demonstrated leadership and mentorship skills

• Knowledge of related applications, relational database, web technology, and cyber-security

• API development experience (Java, Python, other).

• Proficient experience with MicroServices development and enterprise integration patterns.

• Solid oral, written, presentation and interpersonal communication skills

• Ability to work as part of a cross-functional team to solve technical problems

• Ability to travel domestically

Responsibilities:

• Understand customer goals and challenges and map those back to the Salesforce product portfolio

• A skillset to establish trust with clients, and the ability to influence key decision makers

• Hands-on Java development experience and ability to code and debug against Java APIs is preferred

• Experience with cloud technologies - iPaaS, SaaS applications, cloud infrastructure, etc. is preferred

• Participate in all appropriate product, sales, technical training and certifications to acquire and maintain the knowledge necessary to be effective in the position

• Attain quarterly and annual objectives defined collaboratively with management

• Respond effectively to RFIs/RFPs

• Active participation in a fast-paced high-energy market segment and balance multiple projects in a team-selling environment

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

Role Type: Individual Contributor (IC)

This pivotal role for a BISO within our product security organization requires a blend of real-world experience and deep knowledge in software security, including application security, cloud security, secure coding practices, and security architecture, especially across Software as a Service (SaaS) and On-premise services.

Minimum Qualifications

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. Equivalent experience may be considered.

• 10-15 years of experience in information security, with at least 5-10 years in a leadership role focused on technical security across cloud, infrastructure, applications, and third-party integrations.

• Deep understanding of security principles across all tech layers, including cloud platforms (AWS, Azure, GCP), infrastructure security (network, endpoint, IAM), application security (SAST, DAST, secure coding), and third-party risk management frameworks

• Familiarity with security tools such as SIEM (e.g., Splunk, QRadar), vulnerability scanners (e.g., Qualys, Nessus), or IAM solutions (e.g., Okta, SailPoint).

• Demonstrated ability to work independently, take ownership of security initiatives, and drive results with minimal supervision.

• Strong executive presence and immaculate ability to articulate technical security concepts in a business/risk context

• Customer-focused: You know how to balance your "get it done" attitude with diplomacy to be able to work effectively across different teams and at all levels

• Proven ability to prioritize initiatives utilizing risk data from multiple input sources, while staying aligned with the bigger picture

• Strong understanding of security and compliance frameworks (e.g., SOX, NIST CSF, ISO 27001/2, CIS Controls).

• Ability to thrive in a dynamic, fast-paced environment, staying ahead of emerging threats and adapting strategies to evolving business needs.

• Excellent communication skills to translate complex security concepts into business-friendly language.

• Strong stakeholder management and collaboration skills to work with cross-functional teams and ability to influence decision-making without direct authority.

Preferred Qualifications

• Deep understanding of securing AI solutions

• Prior experience as BISO or equivalent is desirable

• Ability to cultivate strong working relationships with customer teams and internal security teams, including those in international locations

• Strong willingness to challenge status quo and drive continuous improvement through change and new ideas

• Track record of auditing related or consulting experience, high tech industry a plus

• Certifications like CISM or CISSP highly desired

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

Responsibilities:

• The ideal candidate will lead and inspire a team within Security Infrastructure Identity and Access [IAM]. Deliver Security services, drive change, think independently, communicate clearly, and provide recommendations for process, service and automation initiatives on 1P (first party) and Cloud environments.
• Lead development teams in a full-service ownership model following Agile methodologies
• Lead DevOps activities for owned services in a 24/7 runtime environment, including driving investigations to resolve root cause and implement solutions.
• Collaborate with other engineering teams to solve security problems with minimal disruption to other business functions.
• Hire, train and assess the performance of direct reports according to corporate policies and procedures.
• Assist in the growth of employees through mentor, training and career development activities.
• Define goals and timely deliverables for improving any ofprovisioning/deprovisioning,privileged user management, role based access control (RBAC) entitlement, appropriateness of access and/or IAM services that are needed to support our business internally or externally.
• In conjunction with our engineering teams, work with partners & team members to design/architect, test, deploy and operate our IAM stack. You will partner with other business units, to deliver one enterprise identity solution for Salesforce.
• Drive design and implementation of innovative distributed software platforms for continuous assessment of security posture of the code and third-party packages used by Salesforce engineers

Required Skills/Experience:

• 3+ years of experience in managing identity and access management teams.
• Proficiency with IAM tools such as Okta, SailPoint, Azure AD, CyberArk, ForgeRock, etc.
• Strong knowledge of authentication standards (SAML, OIDC, OAuth2).
• Experience with identity lifecycle management and governance frameworks.
• Familiarity with directory services (LDAP, AD), scripting (PowerShell, Python), and APIs.
• Understanding of compliance frameworks (e.g., NIST, ISO 27001).
• Knowledge of automation/scripting languages and CI/CD processes including GoLang, Python (and/or Terraform, Spinnaker, JSON, Puppet).
• Proven experience driving Software Engineering Excellence practices.
• Proven experience in driving engineering excellence, showcasing strategic technical insight and driving technical partnerships
• Experience in consumption of Web Services APIs (JSON / XML, etc.).
• Experience in multi-tiered mission-critical systems, cloud environments (Amazon AWS, Microsoft Azure, GCP)
• Solid experience in a high-availability 24x7x365 environment with highly structured change management
• Strong technical understanding of systems, network, and identity fundamentals.
• Knowledge and experience with Identity and Access Management technologies and concepts.

Desired Skills/Experience:

• Knowledge of classic auth platforms: (Kerberos, LDAP, Radius, Tacacs+, etc.).
• Knowledge of federation platforms/protocols (Oauth, OpenID, SAML, WS-Fed, etc.)
• Working experience withCommercial/enterpriseIAM platforms (Ping Identity, Active Directory, etc.) or Open Source (OpenLDAP, OpenDJ, etc.).
• Experience with cloud scale Identity, Access Management (Single Sign-On/Multi Factor Authentication), Authorization services or design and architecture of IAM services
  *LI-Y

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

Job Title: Technical Program Management in Security, Director level

About You:

• Love to wear multiple hats.

• Builds relationships to make things happen.

• Highly functional in an energizing environment.

• Comfortable navigating between the tactical and strategic.

• Outstanding executive presence and communications professional.

• Aservice-oriented-mindedperson who "Thinks Customer."

• Enjoy a hyper-transparent flow of information, conversation, and ideas.

• Comfortable with ambiguity and change, and can continue to rally a team behind a vision, even if it’s not clearly defined.

Your Impact - Responsibilities

• Partner with Security stakeholders and across product and engineering teams to lead and manage Security uplift for existing business units or acquired companies, to uphold our value of Trust.

• Strategically align stakeholders on portfolio vision, business goals, and strategy, defining program scope and securing cross-functional commitment.

• Cultivate and leverage executive partnerships to drive strategic program objectives and optimize delivery for measurable success.

• Conduct decisive program reviews to facilitate key decisions, eliminate roadblocks, and resolve issues, ensuring on-time goal attainment.

• Transform business objectives into actionable execution strategies, lead execution through collaborative and agile leadership.

• Partner with engineering and product teams to architect and implement technical solutions, accelerating customer value delivery.

• Establish a dynamic agile environment fostering autonomy, transparency, mastery, innovation, and continuous improvement.

• Orchestrate and resolve complex program dependencies across diverse partners, functions, and divisions.

• Proactively identify and mitigate program risks, ensuring timely achievement of business objectives.

• Ensure data is collected to appropriately inform decision making for mitigating risks and resolving issues.

• Utilize internal tools and agile mindset to create a collaborative environment that fosters autonomy, transparency, mastery, innovation and continuous improvement.

• Anticipate and aggressively remove obstacles that slow down or prevent programs from delivering on program objectives. Drive for clarity to keep teams moving forward.

• Provide “go to” leadership, transparency and visibility to the entire Technology & Products organization.

• Deliver transparent program status reporting, providing actionable insights on decisions, dependencies, risks, and metrics.

• Foster a culture of innovation and learning, empowering teams to generate creative solutions.

• Demonstrate a commitment to continuous professional development, actively seeking and incorporating constructive feedback.

• Be a thought leader within the organization, someone who can help advance our Product & Technology strategy globally and challenge others in the organization to change.

Minimum Qualifications:

• Educational Background:Bachelor's Degree in Computer Science, Engineering, or related technical field, or equivalent experience in technical leadership.

• 10+ years (Director, TPM) of enterprise software/technical program or engineering management experience at an enterprise technology company.

• 5+ years of conducting and leading SaaS product development programs; shown understanding of the SaaS business model and its product development lifecycle.

• Deep understanding of cyber security and risk management practices.

• Excellent analytical and problem-solving skills with a history of hands-on, detail orientation.

• Deep experience with the software development lifecycle; ability to adjust and apply this knowledge in a dynamic environment using agile methodologies.

• Ability to establish credibility and rapport with senior executives and team members.

• Outstanding organizational, communication, andrelationship-buildingskills conducive to driving consensus; able to work in a cross-functional, matrix management environment.

• Experience with Portfolio Management.

• Ability to master technical subjects and technologies relevant to the program.

• Strong organizational, project management, analysis, and communication skills.

• Bachelor’s degree or equivalent work experience.

Preferred Qualifications:

• Familiarity with compliance and security standards, policies, and risk management

• Experience in vendor management

• Public cloud infrastructure knowledge

• Ability to quickly learn Salesforce application to build tools and reports or strong interest in technology and ability to develop application/tool to automate processes

• Masters in engineering, computer science, or a related technical field

• Understanding of Security Development Lifecycle

• Have or desire to attain a PMP, CISM and/or CISSP certification

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement

Job Category

Job Details

As the M&A Security Lead Engineer, you are responsible for:

• Leading and conducting security diligence exercises for potential acquisition targets, including:
• Creating threat model of the target environment;
• Leading a team of security engineers in penetration testing and security review of target source code, infrastructure, cloud accounts, and other assets;
• Crafting and leading security-focused interviews with acquisition leadership and security resources;
• Requesting and analyzing supplemental information to build a full picture of a target’s security posture and areas of weakness;
• Identifying potential areas of risk and assessing their potential impact to Salesforce upon acquisition;
• Modeling out the potential real and opportunity costs of security debt on overall business priorities and deal models;
• Updating leadership and executives on status, findings, and potential risks throughout the exercise;
• Escalating critical areas of risk to acquisition and Salesforce leadership; and
• Using diligence information to craft preliminary integration plans.
  • Leading security integrations of acquired companies, including:
    • Using information discovered during diligence to craft detailed integration plans to drive the resolution of identified security debt
    • Prioritizing work items in accordance with risk;
    • Negotiating with work teams to estimate associated effort and ensure committed timelines for development and required work;
    • Taking ownership for key milestones where possible and delegating or influencing partner engineering teams where not;
    • Keeping pulse on remediation progress, working to resolve blockers, escalate risks, and generally drive a fast pace of integration work; and
    • Preparing acquired products for handoff to the wider Security team.
  • Developing thought leadership for the M&A team and wider Security team, including:
    • Deeply understanding associated technical products and tooling that could enhance our M&A integration processes, identifying tooling gaps, assessing potential solutions, and generally advising the wider Security team on use, implementation, and evolution;
    • Developing deep expertise in Salesforce security domains, how to apply them to various types of acquisitions, how to more efficiently work with team members to drive integration efficiency, and generally advising the wider Security team on implementation and evolution;
    • Upleveling testing, integration, and technical application of security across Salesforce and acquisition environments.

REQUIRED QUALIFICATIONS

• Bachelor's Degree in Computer Science, Engineering, or related technical field, or equivalent experience in technical leadership.
• 6+ years of experience in security testing, engineering, or technical assurance across applications, products, and infrastructure.
• Experience with threat modeling SaaS product and infrastructure.
• Strong IaaS security skills, with a focus on AWS and/or GCP. Familiarity with Azure and OCI a plus.
• Experience with Linux systemsengineering/operations;Understanding of Microsoft Windows Server/AD deployment.
• Strongscripting/developmentskills (Python, Go, Ruby, Java, Node, etc).
• Deep knowledge of secure software development lifecycle; knowledge of CI/CD best practices.
• Experience architecting, deploying, and maintaining security controls.
• Experience performing code and infrastructure design reviews; experience fuzzing applications and protocols; assembly/exploit development experience.
• Experience with multiple static and dynamic code analysis tools.
• Experience in infrastructure vulnerability assessments and remediation; bug bounty awards or CVEs.
• Excellent problem-solving, analytical, and communication skills. Must have experience explaining technical security concepts to non-technical and technical audiences.
• Contributions to the community (open source, presentations, volunteering, etc).
• Bachelors' degree in an associated field (e.g. Information Technology, Computer Science, etc.) and/or advanced industry certifications (e.g. CISSP, CEH, CRISC, OCSP, CompTIA Security+, etc.)

PREFERRED QUALIFICATIONS

• Experience with mergers and acquisitions security integrations at a large technology enterprise.
• Familiarity with testing and developing security controls for multi-cloud infrastructure (e.g. AWS, GCP, Azure, OCI)
• Experience explaining technical security concepts to non-technical executive audiences.
• Strong understanding of business drivers and how security risks may or may not impact corporate business plans.
• Advanced degree in associated field (e.g. Information Technology, Computer Science, etc.)
• Multiple certifications and/or professional industry affiliations

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and

If you require assistance due to a disability applying for open positions please submit a request via this.

Posting Statement