Search 
jobs
Explore 
companies
My job alerts

Product Security Lead Advisor

Airkit

Airkit

Product
San Francisco, CA, USA
Posted on Feb 6, 2026
Apply now

Description

About The Role

Join our Infrastructure & Foundations Product Security Advisory team as a Lead Product Security Engineer, where you'll play a pivotal role in fortifying the bedrock of Salesforce's entire product ecosystem. In this highly impactful position, you'll leverage your deep technical expertise to provide strategic security guidance and leadership to engineering teams responsible for our foundational services, including core technical security controls, public cloud platforms, and build infrastructure.

As a trusted security advisor, you'll serve as the primary point of contact for our engineering partners and leadership, cultivating strong relationships and delivering critical security recommendations. Your contributions will directly shape and enhance the security posture of our core platforms, ensuring the resilience and integrity of Salesforce's offerings.

Our team specializes in providing deep architectural and infrastructure security expertise across a diverse range of technologies, both on-premises and within public cloud environments. This includes securing web applications, distributed systems, and virtualized infrastructures. You'll champion secure software development lifecycle (SSDL) best practices, empowering engineering teams to build secure products from the ground up.

Responsibilities and Impact

  • Provide Expert Security Advisory for Large-Scale Cloud Initiatives:

    • Offer strategic security guidance to engineering teams on complex enterprise architectures and systems across the application and infrastructure stack within large-scale public cloud initiatives.

  • Drive Proactive Security Through Architecture and Threat Modeling:

    • Partner closely with engineering teams to conduct thorough architecture and threat modeling risk analyses, proactively identifying security vulnerabilities and developing comprehensive risk mitigation plans throughout the SDLC.

  • Influence Secure Design and Implementation:

    • Collaborate with product teams to influence upstream security improvements, balancing functional goals with security requirements by recommending optimal design solutions.

  • Align Security Priorities with Business Risk:

    • Work with Product BISOs to curate and prioritize risk-based security initiatives, driving security maturity across all products.

  • Conduct Continuous Threat and Technology Research:

    • Research emerging threats, vulnerabilities, and new technologies, performing business impact analyses to inform security strategies.

  • Analyze Risk Signals for Actionable Insights:

    • Analyze diverse risk discovery data sources to derive crucial insights, shaping security activities and roadmaps for Salesforce products.

  • Support Risk Prioritization Across Security Programs:

    • Leverage deep security expertise and product knowledge to support risk prioritization activities across various security programs.

Minimum qualifications

  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required

  • 5+ years proven experience in the following areas in a security engineering or research role:

    • Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.

    • Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25

    • Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.

  • Threat modeling of security topics across both infrastructure security & application security domains

  • Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript

  • Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements

  • Strong writing and presentation skills. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.

Preferred Qualifications

  • An attacker’s mindset; consider abuse and attack paths as well as the defensive mindset to recommendations to prevent them

  • A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand.

  • Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns

  • Experience managing or participating in an information security program and improving or proposing improvements to a secure development lifecycle

  • Some experience performing penetration testing or familiarity with the process

For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

Apply now
See more open positions at Airkit
Privacy policyCookie policy