Offensive Security Principal (Red Team)

We are seeking an Offensive Security Principal (Red Team) to join our security team in Israel. This is a senior, hands-on technical role where you will serve as a trusted expert and technical authority, leading the most advanced and impactful adversary simulation operations across Salesforce's products, platforms, and enterprise environment. You will operate at the principal level, owning complex, end-to-end attack scenarios that mirror real-world threat actors' tactics, motivations, and objectives. As part of our security organization, you will play a critical role in strengthening Salesforce's security posture by exposing systemic weaknesses, challenging defensive assumptions, and driving meaningful improvements in our ability to detect and respond to sophisticated threats.

Responsibilities

In this role, you will design and personally execute complex, high-impact red team operations spanning the entire attack kill chain-from initial access through objective completion. You will simulate real-world threat actors by applying their tactics, techniques, and operational constraints to identify, exploit, and chain vulnerabilities across applications, identity systems, cloud environments, and enterprise infrastructure. Your work will directly influence how Salesforce defends against advanced persistent threats.

Day-to-day, you will develop and refine advanced offensive tradecraft, including novel exploitation techniques, custom tooling and payloads, and sophisticated bypasses of security controls and detections. You will analyze Salesforce products and platforms through an adversary's lens, understanding how threat actors might abuse, exploit, and chain vulnerabilities to achieve their objectives. You will act as the technical escalation point for complex exploitation paths, advanced attack chain validation, and challenging findings that require deep expertise to resolve.

You will partner closely with the Red Team Director on campaign design and prioritization, collaborate with Detection & Response teams to stress-test visibility and response capabilities, and work alongside engineering and platform teams to explain root causes and drive durable security fixes. A key aspect of this role involves translating sophisticated attack scenarios into clear, technically rigorous remediation guidance that enables teams across the organization to understand not just what vulnerabilities exist, but why defenses failed and which changes will meaningfully disrupt real threat actors.

As a principal-level contributor, you will mentor engineers and security professionals, raising the technical bar across the organization and evolving red team methodologies to stay ahead of emerging threats. Through this work, you will gain unparalleled experience in offensive security at enterprise scale, deepen your understanding of cloud-native and distributed system security, and make a measurable impact on the security resilience of products used by millions of customers worldwide.

Required Qualifications

• Degree or equivalent relevant experience required. Experience will be evaluated based on the core competencies for the role (e.g. extracurricular leadership roles, military experience, volunteer roles, work experience, etc.)
• Deep, proven expertise in offensive security, including red teaming, high-impact penetration testing, or adversary simulation, with a strong attacker mindset
• Extensive hands-on experience executing realistic, end-to-end adversary attack campaigns
• Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and attacker objectives and decision-making across the kill chain
• Strong understanding of identity, authorization, and trust abuse at scale
• Strong understanding of application security and attack paths
• Strong understanding of cloud and hybrid enterprise attack surfaces
• Hands-on experience with manual exploitation and advanced attack chaining
• Hands-on experience with custom tooling, exploitation, and/or payload development
• Hands-on experience bypassing layered security controls and detections
• Ability to clearly articulate how attackers achieved objectives, why defenses failed at each stage of the kill chain, and which changes will meaningfully disrupt real threat actors
• Strong communication skills and ability to influence across teams without formal authority

Preferred Qualifications

• Track record of security research or vulnerability discovery, CVEs, publications, blogs, or conference talks
• Experience in adversary emulation, breach/assumed breach, or long-running campaigns
• Malware analysis background and/or exploit development experience informed by real-world threat actor behavior
• Experience collaborating closely with Detection & Response or Purple Team functions
• Familiarity with cloud-native architectures, identity-centric security models, and large-scale distributed systems

Benefits & Perks

Check out our benefits site which explains our various benefits, including wellbeing reimbursement, generous parental leave, adoption assistance, fertility benefits, and more.

Salesforce Information

Check out our Salesforce Engineering Site.

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

Client-provided location(s): Flexible / Remote

Job ID: Salesforce-JR329096

Employment Type: FULL_TIME

Posted: 2026-02-12T20:00:37