
Salesforce Product Security Lead 
United States, California, San Francisco 
945793193

27.03.2025

Job Details

Responsibilities and Impact

  • Provide Security Advisory for Large-Scale Cloud Initiatives:

    • Offer strategic security guidance to engineering teams on complex enterprise architectures and systems across the application and infrastructure stack within large-scale public cloud initiatives.

  • Drive Proactive Security Through Architecture and Threat Modeling:

    • Partner closely with engineering teams to conduct thorough architecture and threat modeling risk analyses, proactively identifying security vulnerabilities and developing comprehensive risk mitigation plans throughout the SDLC.

  • Influence Secure Design and Implementation:

    • Collaborate with product teams to influence upstream security improvements, balancing functional goals with security requirements by recommending optimal design solutions.

  • Align Security Priorities with Business Risk:

    • Work with Product BISOs to curate and prioritize risk-based security initiatives, driving security maturity across all products.

  • Conduct Continuous Threat and Technology Research:

    • Research emerging threats, vulnerabilities, and new technologies, performing business impact analyses to inform security strategies.

  • Analyze Risk Signals for Actionable Insights:

    • Analyze diverse risk discovery data sources to derive crucial insights, shaping security activities and roadmaps for Salesforce products.

  • Support Risk Prioritization Across Security Programs:

    • Leverage deep security expertise and product knowledge to support risk prioritization activities across various security programs.

Minimum qualifications

  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required

  • 5+ years validated experience in the following areas in a security engineering or research role:

    • Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.

    • Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25

    • Exploiting web and web services security vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.

  • Threat modeling of security topics across both infrastructure security & application security domains

  • Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript

  • Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements

  • Strong writing and presentation skills. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.

Preferred Qualifications

  • An attacker’s approach: consider abuse and attack paths, as well as a defensive mentality for recommending ways to prevent them

  • A passion for improving the security development lifecycle and delivering security guidance to engineers in a language they understand.

  • Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns

  • Experience handling or participating in an information security program and improving or proposing improvements to a secure development lifecycle

  • Some experience performing penetration testing or familiarity with the process

If you require assistance due to a disability applying for open positions please submit a request via this.