Enterprise Application Security Engineer; pen testing

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Enterprise Security secures our enterprise environment that serves our rapidly growing workforce! As a Senior Enterprise Security Engineer, you will partner closely with technology and business partners to understand their objectives, identify threats, and scale our enterprise security programs. You will collaborate with our Business and IT organizations and champion security requirements in the selection, development, and integration of a wide range of technologies.

You will also have the opportunity to identify emerging threats and design new processes that balance security and business agility across Salesforce.

• Perform full stack security assessments (such as architecture and design reviews, code reviews, and penetration tests) across a diverse and sophisticated range of environments including:
  • Web applications/SaaS applications
  • Operating system and hardware platforms (server and client endpoints, mobile and other embedded devices)
  • Network infrastructure (switches, routers, wireless access points, load balancers, firewalls, VPN, SDN, cloud)
  • Authentication and authorization services (SAML, OAuth, Radius, Kerberos)
  • Public cloud infrastructure platforms and technologies (AWS, GCP, Azure, Terraform)
  • Middleware and API services
• Threat model common attacker methods to develop appropriate mitigation techniques, providing guidance that balances security requirements with functional requirements.
• Develop automated processes and support improvement of tooling to identify and solve problems at scale.
• Collaborate with engineering teams and business partners to drive solutions through a secure development lifecycle.
• Define and develop technical security standards and guidelines with business partners.
• Research new technologies, emerging threats, and vulnerabilities for strategic planning and process improvements.

• 2-4 years of experience in a security role with a focus on application and network security, penetration testing, security engineering, infrastructure engineering, threat modeling, red team operations, firewall/access control technologies, risk management, and/or endpoint security controls.
• Knowledge of key areas pertaining to security such as common network security models and protocols, application security, methods of resolving integrity and providing confidentiality, operating systems internals and vulnerabilities, public key infrastructure and digital certificates, and exploit mitigation techniques.
• Hands-on experience performing security assessments with common tools such as Burp Suite, Nexpose, Nessus, Metasploit, and Nmap.
• Experience performing manual and tool-assisted code reviews (Java, JavaScript, Python, and other languages).
• Experience designing solutions and/or performing security assessments in cloud environments (AWS, Azure, Google Cloud).
• Excellent communication skills, with the ability to work as a team and collaborate effectively with diverse stakeholders.

• Confirmed scripting experience in one or more of these languages:
  Bash, Power Shell, Python, Java, JavaScript / NodeJS.
• Security certification such as OSCP, OSEP, GCIH, GCIA, GPEN, GWAPT, GMOB, GPPA, CCNP, CCNP Security, CCIE Security.
• Knowledge of development and security practices on the Salesforce platform, Heroku, Slack, Mulesoft, and/or Tableau.

Join us at Salesforce and be part of a team that is dedicated to making a positive impact on the world while advancing your career in a dynamic and innovative environment!

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law.

This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same…