Description

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Product

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

About Our Team
Salesforce's Product Security team within the broader Security organization is at the forefront of securing our customer data and assets while balancing risk and security posture. We thrive on collaboration with product and engineering teams to drive risk outcomes and help maintain trust for our customers.

Your Impact

This role is on the Security Foundations team within our product security organization, and requires a blend of real-world experience and deep knowledge in software security, including application security, cloud security, secure coding practices, and security architecture, with a specific focus on application and infrastructure risk identification and remediation. These risks may be strategic in nature, impacting multiple products or tools.

This role is focused on proactive discovery and remediation of emerging risk patterns via Attack Surface Management and targeted hands-on security assessments.

The ideal candidate will have a proven track record of identifying systemic risk through uncovering of underlying common patterns representing systemic flaws, investigating and drafting Root Cause Analyses for complex vulnerabilities, and configuring/analyzing/triaging risk signals from monitoring and detection tooling. This role is responsible for leading investigations into, and coordinating remediation for systemic risks across Salesforce's products.

Responsibilities

• Partnership with Engineering
• Collaborate with Product Management & Engineering teams to drive accountability for implementing mitigation steps across affected areas and to resolve issues at their root cause.
• Drive adoption of proactive security measures and guardrails, such as automated secure coding checks, centralized input validation libraries, and robust access control mechanisms.
• Update organizational standards, policies and procedures as necessary to prevent systemic flaws from being re-introduced.
• Educate developers on secure coding practices and common systemic flaws.
• Influence Product Management & Engineering roadmaps to drive architectural improvements and adopt secure-by-default product features.

Risk Identification & Management

• Review technical design and architecture documentation or source code for product features.
• Triage security findings, alerts or bug reports to find common patterns representing widespread or recurring security issues.
• Identify variants or broadly similar instances of existing security anti-patterns using commercial, custom, and/or open-source code and runtime testing tools.
• Validate security issues with a proof-of-concept to confirm exploitability when necessary.
• Collaborate with engineers and developers to build context required to pinpoint and articulate risk.
• Develop scalable approaches for risk remediation, mitigation, and prevention. These should include Agentic AI and process automation.
• Collaboration & Influence
• Frame engineering risks to enterprise and other Security partners at levels of seniority up to and including C-suite leaders.
• Collaborate with other security teams to incorporate lessons learned from risk identification and remediation into proactive controls.
• Engage in executive forums, as necessary, to articulate risk remediation strategies in a manner that resonates with the audience.
• Rapidly adapt to new and emerging high-risk areas, effectively persuading stakeholders to pivot priorities where required.

Minimum qualifications

• Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required
• Proven communication, collaboration, and interpersonal skills with the ability to effectively communicate complex technical concepts to diverse audiences, including technical and non-technical teams.
• An attacker's mindset; consider abuse and attack paths as well as the defensive mindset to recommendations to prevent them
• A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand.
• Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns.
• Experience participating in an information security program and improving or proposing improvements to a secure development lifecycle
• Threat modeling of security topics across infrastructure security & application security domains. Understanding of, or experience managing infrastructure and platform access control models, best practices for configuring secure Salesforce orgs, session authentication and API security best practices, and use of Agentic AI to streamline risk detection and evaluation.
• Excellent writing and presentation skills.
• Possess the ability to communicate concisely, clearly, and intelligently to cross functional teams.
• Preferred Qualifications
• Proven ability to drive enterprise-ready features to release prioritizing Trust without sacrificing usability
• Strong technical aptitude; comfortable engaging with engineering on architecture, APIs, and platform implications
• Experience working with InfoSec, Legal, and IT stakeholders at Fortune 500 companies
• Demonstrated expertise in navigating security incident response efforts, including direct engagement with executive leadership, legal counsel, and external parties to resolve complex security issues.
• Strategic thinker with an understanding of the evolving global threat landscape and its implications for millions of users.
• Additional Exceptional Qualifications
• Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, Rust, TypeScript. Some experience performing penetration testing or familiarity with the process
• 5+ years proven experience in the following areas in a security engineering or research role:Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25
• Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best , and our AI agents accelerate your impact so you can do your best . Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form .

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions. The typical base salary range for this position is $148,500 - $223,900 annually. In select cities within the San Francisco and New York City metropolitan area, the base salary range for this role is $178,900 - $246,000 annually. The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.
Requisition #: JR325164

pca3lyuhf