To get the best candidate experience, please consider applying
for a maximum of 3 roles within 12 months to ensure you are not
Products and Technology
Are you an experienced security professional, passionate about
reducing third party risk for large enterprises? Do you get excited
about working in a strategic third party security program and
innovating new methods of assessment the entire industry can
benefit from? Are you motivated to understand security challenges
across a broad range of platforms and products?
Enterprise Security is hiring a Senior Security Engineer for our
Third Party Security team to help assess and maintain the security
of third party suppliers. In this role you will partner closely
with business stakeholders, legal, and sourcing, in the selection
of suppliers ensuring they meet or exceed Salesforce security
requirements. You will conduct security assessments of third
parties and participate in third party follow up after industry
security events. You will also have the opportunity to share your
knowledge through internal events, conferences and whitepapers.
We are looking for a deeply experienced and proactive
professional who can bring new ideas to an established program. You
are all about working for an innovative forward thinking security
team that seeks continuous improvement.
Perform security assessments of third parties, incorporating
penetration test results, tooling scans, and audit findings into a
comprehensive picture of supplier maturity.
Provide guidance to prospective suppliers on Salesforce security
requirements including remediation advice and potential feature
Review security language in supplier contracts and provide
guidance aligned with security requirements.
Work cross functionally with departments including Sourcing,
Legal, and Business Technology
- Use your writing and presentation skills to communicate at all
levels in the organizations. Possess the ability to communicate
concisely, clearly, and intelligently to partners from a variety of
backgrounds, including those who are non-technical.
5+ years work experience in a security role
Previous experience with large enterprise third party
Hands on experience with penetration testing, threat modeling,
and design reviews.
Experience determining security maturity of third
parties/developing security risk profiles
In-depth experience identifying and protecting against web
application and web service security vulnerabilities including
those found in the OWASP Top 10 and CWE Top 25.
Knowledge of MITRE ATT&CK Framework
Strong knowledge of the browser security model and cloud
Ability to prioritize and drive multiple work streams forward
- Excellent written and oral communication skills, including
experience presenting to executive management.
In-depth knowledge of the Salesforce platform, Heroku, AWS, GCP,
Working knowledge of GDPR and CCPA interpretations within
Familiarity with standard security certifications such as ISO,
SOC 2, and PCI DSS.
Experience reviewing and editing security related contract
Experience with third party security reporting
Contributions to the security community such as research, public
CVEs, bug-bounty recognitions, open-source projects, and blogs or
- Industry certifications such as CISSP, OSCP, OSWE, GWAPT or
For Colorado-based roles: Minimum annual salary of $121,800. You
may also be offered a bonus, restricted stock units, and benefits.
More details about our company benefits can be found at the
following link: https://www.getsalesforcebenefits.com/
Statement from Salesforce
Salesforce, the Customer Success Platform and world's #1 CRM,
empowers companies to connect with their customers in a whole new
way. The company was founded on three disruptive ideas: a new
technology model in cloud computing, a pay-as-you-go business
model, and a new integrated corporate philanthropy model. These
founding principles have taken our company to great heights,
including being named one of Forbes's "World's Most Innovative
Company" five years in a row and one of Fortune's "100 Best
Companies to Work For" eight years in a row. We are the fastest
growing of the top 10 enterprise software companies, and this level
of growth equals incredible opportunities to grow a career at
Salesforce. Together, with our whole team made up of our employees,
customers, partners, and communities, we are working to improve the
state of the world!
If you require assistance due to a disability applying for open
positions please submit a request via this Accommodations Request
At Salesforce we believe that the business of business is to
improve the state of our world. Each of us has a responsibility to
drive Equality in our communities and workplaces. We are committed
to creating a workforce that reflects society through inclusive
programs and initiatives such as equal pay, employee resource
groups, inclusive benefits, and more. Learn more about Equality at
Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment
Opportunity and Affirmative Action Employers. Qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender perception or
identity, national origin, age, marital status, protected veteran
status, or disability status. Salesforce.com and Salesforce.org do
not accept unsolicited headhunter and agency resumes.
Salesforce.com and Salesforce.org will not pay any third-party
agency or company that does not have a signed agreement with
Salesfore.com or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los
Angeles Fair Chance Initiative for Hiring, Salesforce will consider
for employment qualified applicants with arrest and conviction