Lead Infrastructure Security Engineer - Cloud Platform at Salesforce in Bellevue, WA

Salesforce

๐Ÿ“Œ Bellevue, WA
๐Ÿ•‘ November 19, 2020
๐Ÿท๏ธ OTHER
View Application

You will be redirected to Salesforce's preferred application process.

Lead Infrastructure Security Engineer - Cloud Platform

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Key responsibilities

  • Scope and perform application security reviews of our full stack: web applications, AP
    Is, and platform architectures.
  • Provide our engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
  • Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.
  • Produce research and collaborate with our peers in the broader information security and public cloud communities and industries.
  • Constantly question existing security practices and routines, and update, replace, or automate them.
  • Write and promote secure development practices for our engineers.
  • Key competencies

  • Experience with various open and closed security testing of applications.
  • Experience with public cloud infrastructure security protections and weaknesses
  • Experience with performing threat modeling and manual secure code review.
  • Strong working knowledge of software engineering and architecture, web applications, linux internals, HTTP, TLS.
  • Scripting skills (our primary languages are Ruby, Python, Go, and Elixir, but well happily speak to candidates with other language backgrounds.)
  • Strong grasp of practical cryptography usage, able to recommend the best approach for storage, transport and identity purposes, specifically in the realm of public cloud.
  • Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
  • Enthusiastic and quick learning of complex systems and poorly-documented open source software.
  • Comfortable working with continuous integration/delivery and agile development teams.
  • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.
  • Technologies

    Strong candidates will have worked with some of these and/or similar technologies:

  • Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.
  • Linux, and especially technologies like LXC, Docker, seccomp, grsecurity, etc.
  • A functional understanding of Amazon Web Services
    - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is not required, but will certainly help.
  • Security features in container and container orchestration technologies (LXC, Docker, Kubernetes, gvisor).
  • Languages - one or more of: Ruby, Python, Java, Go, Shell, JavaScript, both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).
  • Modern web technologies
    - Ember.js, Angular, React
    + Redux, GraphQL,.
  • Experience with building security automation is a big plus.
  • Education

    Bachelor's Degree preferred

    Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this

    Posting Statement

    At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

    and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. and do not accept unsolicited headhunter and agency resumes. and will not pay any third-party agency or company that does not have a signed agreement with or Salesforce.org.

    Salesforce welcomes all.

    Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

    View Application

    You will be redirected to Salesforce's preferred application process.


    Job Expires: December 19, 2020

    More Angular Jobs



    Uh oh! Something went wrong. Please try again.
    We were unable to find any more job. Have you tried changing your search keywords?

    ICYMI: Never Miss It Again!

    You will be redirected to Salesforce's preferred application process.