[OTX-274] Senior Security Engineer

[OTX-274] Senior Security Engineer

15 nov
Salesforce.Com, Inc
Buenos Aires C.F.

15 nov

Salesforce.Com, Inc

Buenos Aires C.F.

_To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts._

**Job Category**

Products and Technology

**Job Details**

The PaaS Security Assurance team is responsible for the overall security of Salesforce Platform as a Service offerings (Heroku, Mulesoft) and related infrastructure, and for compliance with established security policies. We’re looking for dedicated security engineers, who understand public cloud and platforms and their unique security challenges to join the team.

PaaS Security Assurance in charge of helping our engineers in creating the most trusted platforms for app delivery and connectivity.

We make ourselves available at every stage in the software development lifecycle, facilitating secure design choices without sacrificing the usability of our products.

You’ll work closely with our engineers to scope and execute platform and application security reviews throughout the development cycle, including architecture reviews and threat models, secure code reviews, and platform and application penetration testing. Creative security solutions are expected in order to enable our engineers to excel at what they do best.

The role is geared for a Security Engineer that has experience with platform and application security testing, software engineering, and working in an agile engineering environment. We’re looking for someone who’s excited to apply those skills to the world’s leading Platforms-as-a-Service. We are a diverse and a 'remote first' team, with members in multiple global timezones.

**Key duties:**

+ Scope and perform application security reviews of our full stack: web applications, APIs, and platform architectures.

+ Provide our engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.

+ Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.

+ Produce research and join forces with our peers in the broader information security and public cloud communities and industries.

+ Constantly question existing security practices and routines, and update, replace, or automate them.

+ Write and promote secure development practices for our engineers.

**Key competencies:**

+ Experience with various open and closed security testing of applications.

+ Experience with public cloud infrastructure security protections and weaknesses

+ Experience with performing threat modeling and manual secure code review.

+ Strong working knowledge of software engineering and architecture, web applications, linux internals, HTTP, TLS.

+ Scripting skills (our primary languages are Ruby, Python, Go, and Elixir, but we’ll happily speak to candidates with other language backgrounds.)

+ Strong grasp of practical cryptography usage, able to recommend the best approach for storage, transport and identity purposes, specifically in the realm of public cloud.

+ Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.

+ Keen and quick learning of complex systems and poorly-documented open source software.

+ Comfortable working with continuous integration/delivery and agile development teams.

+ Able to work across diverse engineering teams and products to meet organizational security goals.

**Key Knowledge:**

+ Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.

+ Linux, and especially technologies like LXC, Docker, seccomp, grsecurity, etc.

+ A functional knowledge of Amazon Web Services - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is not required, but will certainly help.

+ Security features in container and container orchestration technologies (LXC, Docker, Kubernetes, gvisor).

+ Languages - one or more of: Ruby, Python, Java, Go, Shell, JavaScript, both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).

+ Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets ( http://socket.io/Websockets ).

+ Experience with building security automation is a big plus.

**Benefits & Perks:**

+ Competitive compensation

+ Employee Stock Purchase Program

+ Catered lunch in the office 3 days a week

+ OSDE 410 for the family group

+ Wellness and Education Reimbursement

+ Unlimited PTO

+ Parental Leave

+ Childcare subsidies

+ And more!

**Accommodations** **-** If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form. at http://cloud.mail.salesforce.com/accommodations-request-form

**Posting Statement**

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com at http://salesforce.com/ and Salesforce.org at http://salesforce.org/ are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com at http://salesforce.com/ and Salesforce.org at http://salesforce.org/ do not accept unsolicited headhunter and agency resumes. Salesforce.com at http://salesforce.com/ and Salesforce.org at http://salesforce.org/ will not pay any third-party agency or company that does not have a signed agreement with Salesfore.com at http://salesfore.com/ or Salesforce.org.

Salesforce welcomes all.

Founded in 1999, Salesforce is the global leader in Customer Relationship Management (CRM). Companies of every size and industry are using Salesforce to transform their businesses, across sales, service, marketing, commerce, and more by connecting with customers in a whole new way. We harness technologies that can revolutionize companies, careers, and, hopefully, our world.

Salesforce is built on a set of four core values: Trust, Customer Success, Innovation, and Equality. By making technology more accessible, we're helping create a future with greater opportunity and equality for all. This has taken our company to great heights, including being ranked by Fortune as one of the “Most Admired Companies in the World” and one of the “100 Best Companies to Work For” eleven years in a row, and named “Innovator of the Decade” and one of the “World’s Most Innovative Companies” eight years in a row by Forbes.

There are those who choose to work with the best and brightest. And then, there are those who want to do more than just a job. They are the ones improving lives, not only their careers. Having an impact now instead of later. Doing something that’s so much bigger than themselves, an industry, and their company.

We believe everyone can be a Trailblazer. Join Salesforce and discover a future of new opportunities.

El anuncio original lo puedes encontrar en Kit Empleo:

Postulate a este anuncio

Muestra tus habilidades a la empresa, rellenar el formulario y deja un toque personal en la carta, ayudará el reclutador en la elección del candidato.

Suscribete a esta alerta:
Escribe tu dirección de correo electrónico, te permitirá de estar al tanto de los últimos empleos por: [otx-274] senior security engineer
Publica un nuevo anuncio gratuito
Necesitas publicar un anuncio? Con más de 1 millón de usuarios únicos al mes en corto encontrarás el candidato ideal para tu empresa, ¿qué estás esperando!
Publica ahora

Suscribete a esta alerta