Software Engineer (Developer w/ web application security experience)
San Francisco (San Francisco County) IT development
Job description
Location: San Francisco, CA
Trust is the #1 company value at Salesforce. Our Product Security team ensures the security of our products and serves as subject matter experts for our R&D teams and AppExchange partners to protect our customers' data in today's rapidly evolving threat landscape. We are a team of curious minds that specialize in security research, penetration testing, and innovative tool development.
In this role you will focus on the design, development, and improvement of security tools, systems, and automation. The core goal of your work will be to create technology that acts as a force multiplier for the Salesforce Trust team - automating and abstracting process work, repetitive tasks, and basic Product Security functions to allow the team (and yourself) to focus on the hardest problems. Many of these tools will ultimately be open sourced and shared with the security community at large.
As a Product Security team, we firmly believe that making the internet a safer place for everyone is part of our core business. In addition to developing new tools and technology, you will conduct industry-leading research and solve challenging technical problems on the forefront of application security. This role also includes responsibilities for web application penetration testing, vulnerability analysis, and remediation verification.
Responsibilities:
· With few restrictions on your choice of technologies and languages, design and develop new security automation and tooling from conception to release to solve a myriad of Product Security challenges including detection, prevention, and analysis.
· Mature and maintain tools and automation technology used by the Product Security team.
· Evaluate application security tools for internal consumption.
· Perform cutting-edge applied research on new attacks and present new findings to both internal and external audiences.
· Perform black-box penetration testing and code reviews of our flagship services, product offerings and partner apps.
· Participate in our incident response and vulnerability remediation efforts.
Minimum Qualifications:
· B.S. / M.S. in Computer Science, Electrical Engineering or related experience.
· Relevant experience in several of these languages: Ruby, Python, Java, JavaScript, NodeJS, PHP.
· Builder mindset: Passion for building cool new tools and technology to solve problems.
· Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
· Attacker mindset: Passion for breaking all the things.
Bonus Points:
· Contributions to web application development open-source projects.
· Experience developing and consuming REST or SOAP APIs.
· Familiarity with security tools such as static analysis, runtime analysis, black-box testing.
· Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes's "World's Most Innovative Company" five years in a row and one of Fortune's "100 Best Companies to Work For" eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world.