Job Details
As the M&A Security Lead Engineer, you are responsible for:
- Leading and conducting security diligence exercises for potential acquisition targets, including:
  - Creating a threat model of the target environment;
  - Leading a team of security engineers in penetration testing and security review of target source code, infrastructure, cloud accounts, and other assets;
  - Crafting and leading security-focused interviews with acquisition leadership and security resources;
  - Requesting and analyzing supplemental information to build a full picture of a target’s security posture and areas of weakness;
  - Identifying potential areas of risk and assessing their potential impact to Salesforce upon acquisition;
  - Modeling out the potential real and opportunity costs of security debt on overall business priorities and deal models;
  - Updating leadership and executives on status, findings, and potential risks throughout the exercise;
  - Escalating critical areas of risk to acquisition and Salesforce leadership; and
  - Using diligence information to craft preliminary integration plans.
- Leading security integrations of acquired companies, including:
  - Using information discovered during diligence to craft detailed integration plans to drive the resolution of identified security debt;
  - Prioritizing work items in accordance with risk;
  - Negotiating with work teams to estimate associated effort and ensure committed timelines for development and required work;
  - Taking ownership for key milestones where possible and delegating or influencing partner engineering teams where not;
  - Keeping pulse on remediation progress, working to resolve blockers, escalate risks, and generally drive a fast pace of integration work; and
  - Preparing acquired products for handoff to the wider Security team.
- Developing thought leadership for the M&A team and wider Security team, including:
  - Deeply understanding associated technical products and tooling that could enhance our M&A integration processes, identifying tooling gaps, assessing potential solutions, and generally advising the wider Security team on use, implementation, and evolution;
  - Developing deep expertise in Salesforce security domains, how to apply them to various types of acquisitions, how to more efficiently work with team members to drive integration efficiency, and generally advising the wider Security team on implementation and evolution;
  - Upleveling testing, integration, and technical application of security across Salesforce and acquisition environments.
REQUIRED QUALIFICATIONS
- Bachelor's Degree in Computer Science, Engineering, or related technical field, or equivalent experience in technical leadership.
- 6+ years of experience in security testing, engineering, or technical assurance across applications, products, and infrastructure.
- Experience with threat modeling SaaS products and infrastructure.
- Strong IaaS security skills, with a focus on AWS and/or GCP. Familiarity with Azure and OCI a plus.
- Experience with Linux systems engineering/operations; understanding of Microsoft Windows Server/AD deployment.
- Strong scripting/development skills (Python, Go, Ruby, Java, Node, etc).
- Deep knowledge of secure software development lifecycle; knowledge of CI/CD best practices.
- Experience architecting, deploying, and maintaining security controls.
- Experience performing code and infrastructure design reviews; experience fuzzing applications and protocols; assembly/exploit development experience.
- Experience with multiple static and dynamic code analysis tools.
- Experience in infrastructure vulnerability assessments and remediation; bug bounty awards or CVEs.
- Excellent problem-solving, analytical, and communication skills. Must have experience explaining technical security concepts to non-technical and technical audiences.
- Contributions to the community (open source, presentations, volunteering, etc).
- Bachelor's degree in an associated field (e.g. Information Technology, Computer Science, etc.) and/or advanced industry certifications (e.g. CISSP, CEH, CRISC, OSCP, CompTIA Security+, etc.).
PREFERRED QUALIFICATIONS
- Experience with mergers and acquisitions security integrations at a large technology enterprise.
- Familiarity with testing and developing security controls for multi-cloud infrastructure (e.g. AWS, GCP, Azure, OCI).
- Experience explaining technical security concepts to non-technical executive audiences.
- Strong understanding of business drivers and how security risks may or may not impact corporate business plans.
- Advanced degree in associated field (e.g. Information Technology, Computer Science, etc.).
- Multiple certifications and/or professional industry affiliations.
Unleash Your Potential
When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can
If you require assistance due to a disability applying for open positions please submit a request via this.
Posting Statement
to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records. For California-based roles, the base salary hiring range for this position is $200,800 to $276,100.