Product Security Lead Advisor

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

About The Role

Join our Infrastructure & Foundations Product Security Advisory team as a Lead Product Security Engineer, where you'll play a pivotal role in fortifying the bedrock of Salesforce's entire product ecosystem. In this highly impactful position, you'll leverage your deep technical expertise to provide strategic security guidance and leadership to engineering teams responsible for our foundational services, including core technical security controls, public cloud platforms, and build infrastructure.

As a trusted security advisor, you'll serve as the primary point of contact for our engineering partners and leadership, cultivating strong relationships and delivering critical security recommendations. Your contributions will directly shape and enhance the security posture of our core platforms, ensuring the resilience and integrity of Salesforce's offerings.

Our team specializes in providing deep architectural and infrastructure security expertise across a diverse range of technologies, both on-premises and within public cloud environments. This includes securing web applications, distributed systems, and virtualized infrastructures. You'll champion secure software development lifecycle (SSDL) best practices, empowering engineering teams to build secure products from the ground up.

Responsibilities and Impact

• Provide Expert Security Advisory for Large-Scale Cloud Initiatives:

  • Offer strategic security guidance to engineering teams on complex enterprise architectures and systems across the application and infrastructure stack within large-scale public cloud initiatives.

• Drive Proactive Security Through Architecture and Threat Modeling:

  • Partner closely with engineering teams to conduct thorough architecture and threat modeling risk analyses, proactively identifying security vulnerabilities and developing comprehensive risk mitigation plans throughout the SDLC.

• Influence Secure Design and Implementation:

  • Collaborate with product teams to influence upstream security improvements, balancing functional goals with security requirements by recommending optimal design solutions.

• Align Security Priorities with Business Risk:

  • Work with Product BISOs to curate and prioritize risk-based security initiatives, driving security maturity across all products.

• Conduct Continuous Threat and Technology Research:

  • Research emerging threats, vulnerabilities, and new technologies, performing business impact analyses to inform security strategies.

• Analyze Risk Signals for Actionable Insights:

  • Analyze diverse risk discovery data sources to derive crucial insights, shaping security activities and roadmaps for Salesforce products.

• Support Risk Prioritization Across Security Programs:

  • Leverage deep security expertise and product knowledge to support risk prioritization activities across various security programs.

Minimum qualifications

• Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required

• 5+ years proven experience in the following areas in a security engineering or research role:

  • Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.

  • Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25

  • Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.

• Threat modeling of security topics across both infrastructure security & application security domains

• Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript

• Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements

• Strong writing and presentation skills. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.

Preferred Qualifications

• An attacker's mindset; consider abuse and attack paths as well as the defensive mindset to recommendations to prevent them

• A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand.

• Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns

• Experience managing or participating in an information security program and improving or proposing improvements to a secure development lifecycle

• Some experience performing penetration testing or familiarity with the process

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.