👋 We're Salesforce, the customer company. CRM + Data + AI + Trust.

Senior Practices Director – Technical Security Assessment

Security EngineerSecurity EngineerFull TimeRemoteTeam 10,001+Since 1999H1B SponsorCompany Site LinkedIn

Location

California + 3 more

Posted

7 days ago

Salary

$191.1K - $320.6K / year

Bachelor Degree10 yrs expEnglishAWSAzureCloudGoogle Cloud PlatformJavaJava ScriptPython

Job Description

• Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SAAS apps. • Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware. • Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice. • Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile). • Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility. • Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines. • Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale. • Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.

Job Requirements

10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).
Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap.
Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.
Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.
Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).
Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.
Certifications (Candidates should possess one or more of the following): CISSP (Certified Information Systems Security Professional) – Demonstrates senior-level architectural breadth. CCSP (Certified Cloud Security Professional) – Critical for understanding SaaS/PaaS security models. OSCP (Offensive Security Certified Professional) or GPEN – Demonstrates hands-on "hacker mindset" and technical capability. GWAPT (GIAC Web Application Penetration Tester) CISM (Certified Information Security Manager).