Salesforce

Senior Practices Director – Technical Security Assessment

full-time

Location Type: Remote

Location: California, Illinois, United States

Salary

💰 $191,100 - $320,600 per year

About the role

  • Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SAAS apps.
  • Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware.
  • Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice.
  • Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile).
  • Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility.
  • Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines.
  • Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale.
  • Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.

Requirements

  • 10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).
  • Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap.
  • Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.
  • Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.
  • Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).
  • Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.
  • Certifications (candidates should possess one or more of the following):
    • CISSP (Certified Information Systems Security Professional) – demonstrates senior-level architectural breadth.
    • CCSP (Certified Cloud Security Professional) – critical for understanding SaaS/PaaS security models.
    • OSCP (Offensive Security Certified Professional) or GPEN – demonstrates a hands-on "hacker mindset" and technical capability.
    • GWAPT (GIAC Web Application Penetration Tester).
    • CISM (Certified Information Security Manager).

Benefits
  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security engineering, application security, incident response, red teaming, blue teaming, code reviews, penetration testing, automated security scanning, vulnerability identification, authentication and authorization flows

Soft Skills
collaboration, advising, workshop facilitation, risk identification, mitigation techniques, balancing security and business agility

Certifications
CISSP, CCSP, OSCP, GPEN, GWAPT, CISM