Security Assurance works to ensure no significant security risk escapes into customer-facing products, the supporting platform, or our enterprise technology stack by providing continual security assurance throughout the lifecycle.

Security Assurance functions include: conducting design and implementation assessments, performing application security reviews, writing security recommendations, testing, researching security issues, building security tools, and other security-related engagements.

We secure a broad range of technologies on-premise and in public cloud substrates, including sophisticated web applications, distributed processing systems, virtualized environments, etc.

We are looking for the best security engineers in the world. Do you want to help secure the experience of millions of people every day? If the answer is yes, then Salesforce is looking for people like you!

Roles & Responsibilities:
Partner with engineering teams, performing threat modeling, architecture risk analysis, identifying security vulnerabilities, and driving work items and bugs from these activities to resolution.
Ability to secure large, sophisticated enterprise architectures or systems deployed in public cloud.
Brainstorm with counterparts in the engineering teams to drive security improvements upstream.
Identify the trade-offs of different solutions and recommend designs to achieve both functional goals and security requirements.
Perform testing, infrastructure/vulnerability assessments, and remediation activities.
Work with engineering teams throughout the SDLC to ensure their efforts are secure.
Perform design and code reviews of our flagship services and product offerings.
Develop new automation and tooling to improve our analysis, detection, and prevention capabilities.
Perform innovative applied research on new attacks and present new findings to both internal and external audiences.
Develop secure code practices and provide hands-on training to engineering and operations.

Required Qualifications:
An attacker's mindset.
Demonstrated ability in a security engineering or security research role.
Infrastructure and Application Security experience.
Securing products and infrastructure from the OWASP Top 10 and CWE Top 25.
Exploiting web and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.
Public Cloud: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.
Experience in software development in one or more languages: Java, Perl, Python, Ruby, etc.
Degree-level education, certification(s), and/or meaningful work experience.