Product Security Engineer

Product

• California - San Francisco

Full time

Posted 31 July 2024

JR261277

California Salary $125,700 - $188,600

Description

Salesforce Inc. seeks Product Security Engineer in San Francisco, CA:

Job Duties:

Collaborate with the engineering teams you support and provide security expertise in all steps of the development process from design to testing. Review engineering specs and documentation and ensure security requirements are met and no flaws. Perform manual and scanner-assisted code reviews. For scanner code reviews, the security engineer must be familiar with Checkmarx or AST based analysis, and proficient in Java, JavaScript and Ruby for manual code reviews. Perform penetration testing on high-risk areas. The security engineer should know how to use tools such as Burp Suite to assist with testing and have understanding of OWASP top 10 and common web application vulnerabilities. Develop and maintain SAST rulesets for Checkmarx, Semgrep PMD or other common security scanners. Apply common threat modeling techniques such as

STRIDE and DREAD on high-risk areas and prioritize requirements based on understanding of business and risks. Create and maintain security documentation such as service context docs, data flow diagrams, penetration testing requirements, and review guidelines. The audiences include other security engineers, our engineering partners and their leadership, and external partners. Serve as a public representative for security at Salesforce by engaging periodically in internal and external speaking engagements. Identify emerging classes of vulnerabilities and developing solutions for them before they’re a problem. ˆHQ address additionally encompasses the following Salesforce locations in San Francisco: 350 Mission Street, 415 Mission Street, and 50 Fremont Street. The permanent position may be offered at any of these locations in San Francisco.

Minimum Requirements:

Master’s degree, or foreign equivalent, in Computer Science, Information Security, Information Network, Engineering (any field), or closely related quantitative discipline, and one (1) year of experience in job offered or in any occupation in a related field.

A related technical degree required (Computer Science, Information Security, Information Network, Engineering (any field)).

Special Skill Requirements:

One (1) year of experience using the following: (1) Penetration Testing; (2) Security Code Reviews; (3) Static Application Security Testing (SAST) tools; (4) Incident response; (5) Threat Modeling; (6) Burp Suite; (7) Scripting languages - Python; (8) Cloud Security - AWS; (9) Dynamic Application Security Tools (DAST); (10) Security Bug Triages and Reviews. Any suitable combination of education, training and/or experience is acceptable.

Salary: $125,700.00 - $188,600.00 per annum.

Submit a resume using the apply button on this posting or by email at: onlinejobpostings@salesforce.com at Job# 22-131225. Salesforce is an Equal Opportunity & Affirmative Action Employer.

#LI-DNI

For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.