About the job:
Job Title: Principal Engineer, Application Security Solutions Architect
Salesforce’s Security team is seeking an Application Security Engineer to help secure the world’s #1 CRM. As a member of the NetSec DDoS team, you will be part of the team responsible for designing, building and maintaining innovative security services and solutions that support the needs of our internal and external customers. You’ll be responsible and accountable for driving Application Security protection inside production Salesforce environments – both public cloud and first-party datacenters. This is a highly visible role that will work closely with partner teams to drive an integrated solution and respond to incidents.
- Are interested in growing, automating and developing cutting edge Layer 7 Firewall/WAF infrastructure, software, and tools; you thrive on building services to meet customer’s needs and clearly understand how security done properly is a massive business enabler
- Owning the technical aspects of integration (configuration, debugging, testing, go-live) of our Security Solutions
- Loves to wear multiple hats
- You are a mentor, teacher, coach, who looks to make yourself, and those around you better through positive engagement
- Keen reader of people, culture; builds the relationships to make things happen
- Highly functional in a dynamic, challenging environment
- Top notch communications and collaborative superstar
- Able to balance the needs of delivery with an agile mindset
TOP 5 REASONS TO JOIN THE TEAM
- Opportunity to build and deliver new services for large scale cloud infrastructure
- Opportunity to build a service that is cloud agnostic
- Thrive in a culture of ownership, delivery, and innovation
- Drive the end-to-end delivery of world-class security solutions
- Be a catalyst for change in the realm of World-Class Technology and Products
- Enjoy a hyper-transparent flow of information, conversation and ideas
- Partners with other engineering teams and executives to develop short- and long-term security, product and service strategies.
- Collaborate with other teams to solve security problems with minimal disruption to other business functions.
- Continuous improvement of policies, procedures and technology.
- Interact with industry experts, partners, internal staff and auditors.
- Work effectively as part of a geographically distributed team.
- Occasional travel is required (domestic and international).
- 12+ years of experience in Application Security or Security Architecture
- 3+ years of public cloud experience (e.g. AWS, GCP, Azure)
- Experience designing and deploying DDoS/WAF technologies within public cloud environments
- Experience writing custom WAF rules targeted to attack traffic
- Strong distributed systems and architecture knowledge.
- Well versed in internet fundamentals, TCP stack, DNS and routing, communication protocols such as HTTP or TLS
- Understanding of risks that can manifest in larger scale complex systems.
- Experience in a fast-paced, 24/7 environment
- Experience providing technical direction for a team of developers and architects
- Bachelor’s in Engineering/Computer Science or related industry (or equivalent experience)
- Unix/Linux internal, deployment and maintenance experience
- Infrastructure Security knowledge and experience
- Experience with one or more of Python, Go, Bash, JSON or Perl in order to push software and network interaction
- Knowledge of Salesforce, Heroku, and/or Mulesoft application architecture
- Prior understanding of Agile/Scrum methodologies
- Experience with multi-tiered mission-critical systems
- Solid hands-on technical background particularly in managing highly complex, multi-platform web applications
- ISO 27001, PCI, SOC, FISMA, FedRAMP knowledge.