Senior/Lead Penetration Tester
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category: Products and Technology
Salesforce is one of the leading companies in the world and ranked #6 on the Fortune list of the Top 100 "companies to work for" in 2020. Serving millions of customers around the world, its security really makes a difference! Salesforce has one of the best Information Security teams in the industry, and growing this piece of the business is a top priority! Trust and security are Salesforce's number one value as a company. As a result, we are aiming to recruit the very top security talent available to grow our 1st security team.
We are looking for an expert security engineer who wants to take their existing penetration testing, research, and infrastructure engineering skills to the next level, joining Salesforce’s world-leading pentest team and working within a dynamic and fast-moving cloud environment. The work will focus primarily on full-stack security assessments and will include conducting deep-dive penetration tests, security research, and code review across multiple clouds, acquisitions, and first-party and public cloud environments, all to provide cross-company risk reduction and have a real impact on Salesforce’s security posture.
- Perform full-stack (Infra & Product security) grey and white box penetration testing.
- Leverage code review skills to identify complex vulnerabilities within code.
- Provide security guidance and input to engineering and operational teams.
- Develop security tools for the detection and prevention of security threats.
- Interact with other security teams to provide insights and share security knowledge.
- Experience in infrastructure vulnerability assessments and remediation.
- Experience in web-based vulnerability assessments and remediation.
- Experience with static and dynamic code analysis.
- Strong IaaS security skills, with a focus on AWS, Azure, GCP.
- Experience fuzzing applications and protocols.
- Track record of bug bounty awards and/or CVEs / Public Security Articles.
- Knowledge of secure software development lifecycle (SDLC).
- Experience performing code and infrastructure design reviews.
- Reverse Engineering/Exploitation capabilities.
- Familiarity with building, deploying, and maintaining security controls.
- Proficiency in Linux systems engineering/operations.
- Understanding of Microsoft Windows Server/AD deployments.
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.