Job Details

As a leader of the Threat and Vulnerability Management [TVM] Team, you will be focused on operational efficiency behind deployment, maintenance, and performance of services supporting vulnerability scanning of Salesforce assets hosted on public cloud (Azure, AWS, and/or GCP).

To be a great fit for this position, you should have experience with supporting mature vulnerability management programs, with securing public cloud environments, and with leading a small team.  We are looking for fellow team members that will demonstrate proficiency with adjusting security control implementation strategies for large, ephemeral, and containerized workloads. Experience with vulnerability and configuration scanning products, enterprise-wide implementations, and passion for security with an ability to deliver results is the perfect mix!

Here’s what you’ll do:

• Learn and adapt to Salesforce security strategies, security goals, security objectives and security capabilities to provide a mature and effective vulnerability detection methodology

• Implement and maintain enterprise-wide vulnerability management infrastructure and platform across first party and public cloud environments

• Provide strategies on vulnerability, configuration, and cloud security scanning

• Advise on policy creation based on industry benchmarks and Salesforce security practices

• Provide technical authority, vision, and guidance to ensure the continued evolution of Salesforce’s (TVM) program

• Monitor endpoint security trends and emerging security threats and recommend changes to policy, procedures and tools

• Establish strong working relationships with different parts of the business to provide guidance on remediation of findings

• Drive operational efficiency and effectiveness for areas of responsibility

  • Ensure strong documentation, knowledge overlaps, metrics-driven action, emphasize on automation and scalable solutions

• Provide direct or indirect management to a team of security professionals to solve complex issues

• Work cross-functionally with product management and distributed systems engineering teams to complete large scale projects with impact across the company

• Help team members grow in their respective career paths, provide mentorship and guidance

• Motivate and champion a strong team culture

• Adapt to change quickly and eagerly: changing requirements, changing priorities, changing strategies

• Advocate security and secure practices throughout Salesforce

Here’s what you’ll need:

• Minimum of a B.S. in Computer Science, MIS, or related degree and seven (7) years of relevant experience including management or leadership experience or a combination of education, training and experience

• 2+ years of security experience

• 2+ years of public cloud experience

• Thought leader, articulate, consensus builder, and who is persuasive with a demonstrated ability to serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization

• Experience managing a Vulnerability Management or security related program

• Strong working knowledge of Vulnerability Management and Security Testing lifecycles, processes, and procedures

• Experience with Cloud Security and deploying enterprise-wide controls in Azure (AWS and/or GCP are a plus)

• Experience managing client-server architectures

• Strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations

• Experience troubleshooting issues and providing customer support

• Ability to self-motivate when given strategic goals

• Ability to translate strategic or operational goals to technical and tactical requirements and architectures

• Fundamental understanding of accepted security practices, known attack vectors, and vulnerability assessment methodologies

• Strong written and verbal communications (+ asynchronously when working with global teams)

• Strong operational knowledge of Linux (scripting is a major plus)

• Strong understanding of Information Security principles and technologies

• Experience with networks, firewalls, endpoint protection, log management, patch management, and Active Directory

• Familiarity with industry blogs, key publications in the field of security, and awareness of any recent significant security events

• Security certificates are a plus

Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com or Salesforce.org.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.