Product Security Tools Development - Python Developer - Senior/Lead

Salesforce.Com, Inc. Indianapolis , IN 46218

Posted 1 week ago

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

How do you feel when you've eliminated an entire class of potential security issues - across an entire Development organization - and ensured through automation that it will stay that way? Experience this thrill with us on the Tableau Product Security team! We're seeking a self-motivated engineer to lead our efforts in building security scanning, foundational tools, and resources. You'll be joining a group of like-minded engineers who are passionate about building robust products, leveraging automation tooling and testing, and scaling solutions to meet the security needs of a large development organization.

Responsibilities

  • Integrating static analysis and other security scans into build and test pipelines, and ensuring through automation that corresponding findings are appropriately visible, tracked, and addressed.

  • Creating and integrating SDLC workflow tools, boosting the productivity of security and development teams.

  • Helping define "gold standard" images, tools, libraries, frameworks, and/or coding techniques that enable and streamline secure software development.

  • Identifying key risks, communicating them, and collaborating with engineering teams to build a plan to address them.

  • Advocating for security across the company to both engineers and leadership.

Qualifications

  • Cross-platform engineering background, strives for well-designed, scalable systems.

  • 5+ years experience developing product code and/or infrastructure automation.

  • Automation-focused - ability to automate processes and standards is required (Python, Ruby, Go, Powershell, Java, etc).

  • Experience working with Public Cloud (AWS/Azure/GCP)

  • Experience working in multiple security areas, and have driven maturity improvements in significant portions of a security engineering program.

Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com or Salesforce.org.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Application Security Engineer/ Product Security Engineer

Salesforce.Com, Inc.

Posted 7 days ago

VIEW JOBS 10/17/2020 12:00:00 AM 2021-01-15T00:00 To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category Products and Technology Job Details As a product security engineer for Tableau you will uncover and triage vulnerabilities in our products and facilitate remediation. You will work closely with security researchers, internal stakeholders, and customers to evaluate the validity of reported security vulnerabilities. You will identify the risk these vulnerabilities present and assign a rating for remediation teams. Your work will encompass the full range of Tableau products. You will work with talented technical experts from various Tableau and Salesforce teams on a regular basis. Top contributors will enjoy the freedom to work with limited barriers and the experience of working with other talented and passionate information security professionals. Responsibilities * Confirm reported vulnerabilities in Tableau products * Work closely with customers and security researchers to understand vulnerability reports * Assess and measure the risk presented by vulnerabilities * Measure exploitability of vulnerabilities based on mitigating controls * Document proof of concept exploitation steps * Research known vulnerabilities to reduce reporting duplicate findings * Establish priority level for remediation with product development teams * Establish proper team ownership for remediation activities * Register finding and related information for proper tracking * Direct investigations into previous exploitation of new findings * Direct creation of detection technologies while remediation takes place * Work with other teams to prepare responses for questions related to vulnerabilities * Support teams responsible for approving external security assessment requests * Perform research on new attacks and present new findings to both internal and external audiences * Research new threats, attack vectors and risks * Lead security assessment and threat modeling sessions Qualifications * B.S. / M.S. in Information Security, Computer Science, Electrical Engineering or related experience * 3-5+ years work experience in an application security role * In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25 * Experience in exploiting web and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, and more * A hacker's mindset and experience with popular penetration testing tools Desired Skills and Credentials: * Proficiency with Tableau products * Experience securely deploying services in AWS * Secure code review experience (Java and C++) * Experience with bug bounty programs * Relevant Information security certifications. (GWAPT, GPEN, OSCP, OSCE, OSWE, CEH, CISSP, etc) * Ability to self motivate when given strategic goals Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form. Posting Statement At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com or Salesforce.org. Salesforce welcomes all. Salesforce.Com, Inc. Indianapolis IN

Product Security Tools Development - Python Developer - Senior/Lead

Salesforce.Com, Inc.