Director - Threat & Vulnerability Management
Job Details
As a leader of the Threat and Vulnerability Management [TVM] Team, you will be focused on operational efficiency behind deployment, maintenance, and performance of services supporting vulnerability scanning of Salesforce assets hosted on public cloud (Azure, AWS, and/or GCP).
To be a great fit for this position, you should have experience with supporting mature vulnerability management programs, with securing public cloud environments, and with leading a small team. We are looking for fellow team members that will demonstrate proficiency with adjusting security control implementation strategies for large, ephemeral, and containerized workloads. Experience with vulnerability and configuration scanning products, enterprise-wide implementations, and passion for security with an ability to deliver results is the perfect mix!
Here’s what you’ll do:
Learn and adapt to Salesforce security strategies, security goals, security objectives and security capabilities to provide a mature and effective vulnerability detection methodology
Implement and maintain enterprise-wide vulnerability management infrastructure and platform across first party and public cloud environments
Provide strategies on vulnerability, configuration, and cloud security scanning
Advise on policy creation based on industry benchmarks and Salesforce security practices
Provide technical authority, vision, and guidance to ensure the continued evolution of Salesforce’s (TVM) program
Monitor endpoint security trends and emerging security threats and recommend changes to policy, procedures and tools
Establish strong working relationships with different parts of the business to provide guidance on remediation of findings
Drive operational efficiency and effectiveness for areas of responsibility
Ensure strong documentation, knowledge overlaps, metrics-driven action, emphasize on automation and scalable solutions
Provide direct or indirect management to a team of security professionals to solve complex issues
Work cross-functionally with product management and distributed systems engineering teams to complete large scale projects with impact across the company
Help team members grow in their respective career paths, provide mentorship and guidance
Motivate and champion a strong team culture
Adapt to change quickly and eagerly: changing requirements, changing priorities, changing strategies
Advocate security and secure practices throughout Salesforce
Here’s what you’ll need:
Minimum of a B.S. in Computer Science, MIS, or related degree and seven (7) years of relevant experience including management or leadership experience or a combination of education, training and experience
2+ years of security experience
2+ years of public cloud experience
Thought leader, articulate, consensus builder, and who is persuasive with a demonstrated ability to serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization
Experience managing a Vulnerability Management or security related program
Strong working knowledge of Vulnerability Management and Security Testing lifecycles, processes, and procedures
Experience with Cloud Security and deploying enterprise-wide controls in Azure (AWS and/or GCP are a plus)
Experience managing client-server architectures
Strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations
Experience troubleshooting issues and providing customer support
Ability to self-motivate when given strategic goals
Ability to translate strategic or operational goals to technical and tactical requirements and architectures
Fundamental understanding of accepted security practices, known attack vectors, and vulnerability assessment methodologies
Strong written and verbal communications (+ asynchronously when working with global teams)
Strong operational knowledge of Linux (scripting is a major plus)
Strong understanding of Information Security principles and technologies
Experience with networks, firewalls, endpoint protection, log management, patch management, and Active Directory
Familiarity with industry blogs, key publications in the field of security, and awareness of any recent significant security events
Security certificates are a plus
Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.