
Product Security Lead Advisor
Salesforce
full-time
Location Type: Hybrid
Location: San Francisco • California • Massachusetts • United States
Salary
💰 $172,500 - $260,100 per year
About the role
- Provide Expert Security Advisory for Large-Scale Cloud Initiatives
  - Offer strategic security guidance to engineering teams on complex enterprise architectures and systems across the application and infrastructure stack within large-scale public cloud initiatives.
- Drive Proactive Security Through Architecture and Threat Modeling
  - Partner closely with engineering teams to conduct thorough architecture and threat modeling risk analyses, proactively identifying security vulnerabilities and developing comprehensive risk mitigation plans throughout the SDLC.
- Influence Secure Design and Implementation
  - Collaborate with product teams to influence upstream security improvements, balancing functional goals with security requirements by recommending optimal design solutions.
- Align Security Priorities with Business Risk
  - Work with Product BISOs to curate and prioritize risk-based security initiatives, driving security maturity across all products.
- Conduct Continuous Threat and Technology Research
  - Research emerging threats, vulnerabilities, and new technologies, performing business impact analyses to inform security strategies.
- Analyze Risk Signals for Actionable Insights
  - Analyze diverse risk discovery data sources to derive crucial insights, shaping security activities and roadmaps for Salesforce products.
- Support Risk Prioritization Across Security Programs
  - Leverage deep security expertise and product knowledge to support risk prioritization activities across various security programs.
Requirements
- Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required
- 5+ years proven experience in the following areas in a security engineering or research role:
  - Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.
  - Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25
  - Exploiting web and web services security vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.
  - Threat modeling of security topics across both infrastructure security & application security domains
- Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript
- Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements
- Strong writing and presentation skills. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.
Benefits
- Health insurance
- 401(k) matching
- Paid parental leave
- Paid time off
- Life and disability insurance
- Mental health support
- Employee stock purchasing program
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
public cloud security architecture, Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, OWASP Top 10, CWE Top 25, threat modeling, JavaScript, Python
Soft Skills
strong writing skills, presentation skills, clear communication, concise communication, collaboration, strategic guidance, risk prioritization, influence, analytical skills, proactive approach