Description
Bring Your Security Mindset to the World’s #1 CRM. We are building a dedicated Salesforce Security Practice and looking for a Senior Security Architect to join as a Founding Member.
We are looking for a true security practitioner—someone who understands the DNA of Cloud, SaaS, and full-stack Application Security. You bring deep expertise in Incident Response, Threat Modeling, and Infrastructure Security; we will teach you the Salesforce platform. This is a unique opportunity to cross-train into a high-demand ecosystem while applying rigorous security standards to the top 1,000 enterprise environments. This will be a customer-facing role to help our customers understand and uplift their last-mile security obligations.
Key Responsibilities
1. Strategic Advisory
Threat Intelligence: Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SaaS apps.
Supply Chain Risk: Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware.
Standards Definition: Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice.
2. Architecture, Assessment & Testing
Full-Stack Assessments: Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile).
Threat Modeling: Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility.
3. DevSecOps & Engineering
Secure SDLC: Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines.
Automation: Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale.
Identity Architecture: Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.
Required Experience:
10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).
Assessment Tooling: Proficiency with standard security assessment tools such as Burp Suite, Nexpose, Nessus, Metasploit, or Nmap.
Code Review: Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.
Cloud Fluency: Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.
Prior Big-4 or relevant customer-facing consulting experience is a plus.
Technical Skills:
Protocols: Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).
Exploit Mitigation: Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.
Certifications (Candidates should possess one or more of the following):
CISSP (Certified Information Systems Security Professional) – Demonstrates senior-level architectural breadth.
CCSP (Certified Cloud Security Professional) – Critical for understanding SaaS/PaaS security models.
OSCP (Offensive Security Certified Professional) or GPEN – Demonstrates hands-on "hacker mindset" and technical capability.
GWAPT (GIAC Web Application Penetration Tester)
CISM (Certified Information Security Manager)
For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
