Description
Salesforce’s Security team is seeking Application Security Engineers to help secure the world’s #1 CRM. As a member of the NetSec DDoS team, you will be responsible for designing, building, and maintaining innovative security services and solutions that support the needs of our internal and external customers. You will be responsible and accountable for driving Application Security protection inside production Salesforce environments—both public cloud and first-party datacenters. This is a highly visible role that will work closely with partner teams to drive an integrated solution and respond to incidents.
RESPONSIBILITIES
Design, architect, engineer, and operate cutting-edge DDoS solutions to provide protection across multiple substrates.
Partner with other engineering teams and executives to develop short- and long-term security, product, and service strategies.
Collaborate with other teams to solve security problems with minimal disruption to other business functions.
Drive continuous improvement of policies, procedures, and technology.
Interact with industry experts, partners, internal staff, and auditors.
Work effectively as part of a geographically distributed team.
Occasional travel is required (domestic and international).
REQUIREMENTS
Industry experience: 10+ years in Infrastructure or Security Architecture (2+ years for MTS), including:
3+ years of experience in networking, security, or DDoS.
3+ years of experience in a high-availability 24/7 environment (cloud platforms are a plus).
M.Sc./M.Eng in Computer Science/Engineering or B.A./B.Sc. in the same disciplines with equivalent years of experience.
Familiarity with denial-of-service attacks, mitigation strategies, and industry best practices.
Familiarity with OWASP Top 10 vulnerabilities, CWE, and related countermeasures.
Experience with log analysis and monitoring systems such as Splunk, ELK, Grafana, etc.
Hands-on experience designing and maintaining leading-edge distributed denial-of-service solutions for large-scale networks.
Hands-on experience designing and maintaining public cloud environments, networking, and security controls.
Networking (Security): Industry-level expertise in one or more of the following networking/security aspects:
Network security platforms, including segmentation, ACLs, and DDoS protection. Examples include:
Software: iptables, IPsec, VPN, IPS/IDS, firewall management platforms, ACL compilers, and tooling (Capirca).
Hardware: switch ACLs, stateful firewalls, network segmentation, security zones.
VM and container network stacks.
OSI model and debugging network traffic.
Networking protocols (TCP/UDP, BGP, DNS, DHCP).
Datacenter network architecture at the software platform and hardware device levels (NAT, VXLAN, overlay/underlay).
Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP).
Must be proficient in network architecture and design, network security, and network monitoring.
2+ years of hands-on experience with one or more of Python, Go, Bash, JSON, or Perl to enable software and network interaction.
DESIRED SKILLS
5+ years of experience in Application Security or Security Architecture.
Experience designing and deploying DDoS/WAF technologies within public cloud and first-party environments.
Experience with content delivery networks such as Akamai, Cloudflare, and CloudFront.
Experience writing custom WAF rules targeted at attack traffic.
Experience with application security testing through bug bounty programs, penetration testing, and red teaming exercises.
Knowledge of Salesforce, Marketing Cloud, and/or Commerce Cloud application architecture.
Well-versed in internet fundamentals, the TCP stack, DNS, and routing, as well as communication protocols such as HTTP or TLS.
Prior understanding of Agile/Scrum methodologies.
Experience with multi-tiered, mission-critical systems.
Solid hands-on technical background, particularly in managing highly complex, multi-platform web applications.
