Salesforce

Staff Software Engineer, Product Security

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $211,500 - $334,600 per year

Job Level

Lead

Tech Stack

Android, AWS, Electron, iOS, Java, JavaScript, Linux, PHP, Python, Ruby

About the role

  • Contributing security-focused feedback to engineers during all phases of the development lifecycle
  • Performing technical security assessments on our web applications, native clients, internal services, and partner applications
  • Seeking out opportunities to automate processes when appropriate
  • Scaling the impact of our team through direct mentorship of our more junior team members
  • Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
  • Maintaining and creating secure development practices and programs for our engineering teams and external developers
  • Acting as an ambassador for security within Slack
  • Serving as a public representative for security at Slack by engaging periodically in internal and external speaking engagements
  • Identifying emerging classes of vulnerabilities and developing solutions for them before they’re a problem
  • Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources

Requirements

  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
  • Experience in security testing of web applications and native apps including Electron and iOS and Android mobile applications.
  • Deep understanding of web application architecture and design principles
  • Experience with threat modeling of applications using STRIDE or a similar framework
  • Experience with WebSockets and protobuf is a plus
  • Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
  • Experience with manual secure code review in languages such as: JavaScript, Java, Python, Ruby, PHP, HackLang
  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Snyk, and/or Semgrep
  • Knowledge of authentication mechanisms like SAML, OAuth, etc.
  • Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security and quality
  • Ability to see patterns, commonalities and investigate complex issues
  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues
  • Experience with Amazon AWS services and familiarity with Slack products is a plus
  • Current or former security training or certifications such as SANS GWAPT, OSCP, OSWE or similar is a plus
  • Utilizing AI tools and AI security testing is a plus
  • Public speaking engagements or published research is also a plus; a successful engineer in this role will be expected to represent Slack externally from time to time
  • Though this is not primarily a development role, some background in software engineering in a collaborative and dynamic environment is a plus.

Benefits

  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program

Applicant Tracking System Keywords

Hard skills
security testing, web application architecture, Threat Modeling, manual secure code review, JavaScript, Java, Python, Ruby, PHP, HackLang
Soft skills
written communication, verbal communication, empathy, organizational skills, mentorship, problem-solving, pattern recognition
Certifications
SANS GWAPT, OSCP, OSWE