Salesforce.com, Inc Senior/Lead Penetration Tester in Burlington, Massachusetts
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Products and Technology
We are looking for a seasoned security engineer that wants to leverage their existing penetration testing, offensive security, DevSecOps, and/or infrastructure engineering skills within a dynamic and fast-moving cloud environment. The work will focus primarily on full stack infrastructure security and product security assessments and will include conducting deep dive pentest engagements across multiple clouds, acquisitions, and first-party and public cloud environments; performing code review, threat modeling, assisting the engineering teams of acquisitions integrate with Salesforce standards, and assisting acquisition engineering teams remediate issues uncovered during security testing.
Role: Offensive Security/Pentester
Level: Senior or Lead
Location(s): Bellevue, WA / Bay Area, CA / US / Remote
Perform grey and white box penetration testing; leverage code review skills to identify vulnerabilities and test internally-developed systems and network automation tools, as well as third-party vendor solutions
Provide security guidance and input to engineering and operational teams during design review and threat modeling
Develop secure coding practices and recommend technical mitigations for systems and network-focused development teams
Develop hardening guidelines and review security configurations
Experience in infrastructure vulnerability assessments and remediation
Experience with static and dynamic code analysis
Experience threat modeling SaaS products, cloud infrastructure, RESTful microservices, etc
Strong IaaS security skills, with a focus on AWS, Azure, GCP
Experience fuzzing applications and protocols
Track record of bug bounty awards and/or CVEs
Knowledge of secure software development lifecycle
Experience performing code and infrastructure design reviews
Familiarity with building, deploying, maintaining security controls
Proficiency in Linux systems engineering/operations
Understanding of Microsoft Windows Server/AD deployments
Assembly/exploit development experience
The Ideal Candidate:
Thinks like an attacker
Some way, somehow finds a way to “get it done”
Active within the security community
Has presented/published interesting bugs or CVEs
Full stack pentester (80% infra / 20% web app)
Code review experience
Knowledge of securing infrastructure on one or more cloud providers (AWS, GCP, Azure)
Demonstrable history of build and deploy within a dynamic enterprise cloud environment
Deep engineering, SecDevOps, and/or pentest experience in a public cloud environment
Strong IAM experience
Design review experience
Proficiency in one or more scripting languages
Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form. (http://cloud.mail.salesforce.com/accommodations-request-form)
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
Founded in 1999, Salesforce is the global leader in Customer Relationship Management (CRM). Companies of every size and industry are using Salesforce to transform their businesses, across sales, service, marketing, commerce, and more by connecting with customers in a whole new way. We harness technologies that can revolutionize companies, careers, and, hopefully, our world.
Salesforce is built on a set of four core values: Trust, Customer Success, Innovation, and Equality. By making technology more accessible, we're helping create a future with greater opportunity and equality for all. This has taken our company to great heights, including being ranked by Fortune as one of the “Most Admired Companies in the World” and one of the “100 Best Companies to Work For” eleven years in a row, and named “Innovator of the Decade” and one of the “World’s Most Innovative Companies” eight years in a row by Forbes.
There are those who choose to work with the best and brightest. And then, there are those who want to do more than just a job. They are the ones improving lives, not only their careers. Having an impact now instead of later. Doing something that’s so much bigger than themselves, an industry, and their company.
We believe everyone can be a Trailblazer. Join Salesforce and discover a future of new opportunities.
- Salesforce.com, Inc Jobs