Posted about 1 year ago
Open Roles Include:
Infrastructure Security Engineer
Product Security Engineer
M&A Security Engineer
Enterprise Security Engineer
As a penetration tester at Salesforce.com you will uncover vulnerabilities and help facilitate removal. You will perform penetration tests, information security assessments, and application security assessments on a wide variety of environments. You will work with talented technical experts from various Salesforce.com teams on a regular basis. Top contributors will enjoy the freedom to work with limited barriers and the experience of working with other talented and passionate information security professionals.
All Positions Require:
Perform penetration tests and vulnerability assessments
Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams
Contribute to our penetration testing program and toolkit
Research new threats, attack vectors and risks
Collaborate with your colleagues
BS/MS degree, or relevant work experience
Infrastructure and application level penetration testing experience
Expert knowledge in computer and network security
Extensive knowledge of the OWASP Top 10 and CWE Top 25
Experience in exploiting web and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, and more.
Experience in software development, Java, PHP, Perl, Python, Ruby, or other relevant languages
BS Computer Science or equivalent knowledge and experience
A hacker's mindset
Experience with the latest and greatest penetration testing tools
Desired Skills and Credentials:
Assembly/exploit development experience
Bug bounty awards
Information security certifications, GPEN, OSCP, OSCE, OSWE, CEH, CISSP
Ability to self motivate when given strategic goals
Leveling: We are looking for the best security engineers in the world. If you fit that profile, we will work with you to ensure that your job title/level is aligned to your skill set. We are hiring for mid, senior, lead, and principal level security engineers.
Infrastructure Security Engineer:
Penetration testing, networks, infrastructure, secure software development lifecycle, vulnerability assessments and remediation. Work with Infrastructure engineering teams throughout the SSDL to ensure their efforts are secure.
Product Security Engineer:
Penetration testing, applications, products, secure software development lifecycle, vulnerability assessments and remediation. Work with Product engineering teams throughout the SSDL to ensure their efforts are secure.
M&A Security Engineer:
Static code analysis, penetration testing, code assessments and remediation. Find vulnerabilities in the infrastructue + products of Salesforce’s acquisitions, drive remediation and adoption to Salesforce’s security standards & practices.
Enterprise Security Engineer:
Penetration testing, networks, infrastructure, vulnerability assessments and remediation. Work on products from third parties and enterprise proprietary systems to ensure security before being added to Salesforce’s ecosystem.
Statement from Salesforce
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for \"family\") made up of our employees, customers, partners, and communities, we are working to improve the state of the world!
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.